From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751524AbWDYCGm (ORCPT ); Mon, 24 Apr 2006 22:06:42 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751526AbWDYCGl (ORCPT ); Mon, 24 Apr 2006 22:06:41 -0400 Received: from h80ad24de.async.vt.edu ([128.173.36.222]:49833 "EHLO h80ad24de.async.vt.edu") by vger.kernel.org with ESMTP id S1751524AbWDYCGl (ORCPT ); Mon, 24 Apr 2006 22:06:41 -0400 Message-Id: <200604250206.k3P26Ogf015931@turing-police.cc.vt.edu> X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.1-RC3 To: Lars Marowsky-Bree Cc: Ken Brush , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks) In-Reply-To: Your message of "Mon, 24 Apr 2006 10:24:24 +0200." <20060424082424.GH440@marowsky-bree.de> From: Valdis.Kletnieks@vt.edu References: <1145309184.14497.1.camel@localhost.localdomain> <200604180229.k3I2TXXA017777@turing-police.cc.vt.edu> <4445484F.1050006@novell.com> <200604182301.k3IN1qh6015356@turing-police.cc.vt.edu> <4446D378.8050406@novell.com> <200604201527.k3KFRNUC009815@turing-police.cc.vt.edu> <200604211951.k3LJp3Sn014917@turing-police.cc.vt.edu> <200604230945.k3N9jZDW020024@turing-police.cc.vt.edu> <20060424082424.GH440@marowsky-bree.de> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1145930783_2476P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Mon, 24 Apr 2006 22:06:23 -0400 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org --==_Exmh_1145930783_2476P Content-Type: text/plain; charset=us-ascii On Mon, 24 Apr 2006 10:24:24 +0200, Lars Marowsky-Bree said: > That is about the dumbest argument I've heard so far, sorry. With the > same argument, these people shouldn't be allowed to admin any computer > system and be given a broom to wipe the floor, and let the experts take > care of the world for them. Anybody who's worked with a large community of actual end users will agree that most of them *shouldn't* be allowed to admin their computer. > Now that's a perfectly reasonable line of thought, and I've most > certainly had it when it comes to HA and clusters myself, but in no > means is it a good reasoning against the _technology_. If it is simpler > to use, it will be simpler to use even for smart people, who can then > put more care into their security profiles instead of worrying about the > complexity. I believe I stated quite clearly that there's certainly a place for tools that allow smart people to do this work. That's *totally* different from marketing the tool as "So simple, a chimpanzee could do it.". --==_Exmh_1145930783_2476P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQFETYQfcC3lWbTT17ARAmmvAJ9j5BdAh7u+lJtbcnCqPUuu0GsstACgvWJa wh5d29CrcddaPtF6oHGO2Eg= =wqLU -----END PGP SIGNATURE----- --==_Exmh_1145930783_2476P--