-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Jul 11, 2008 at 10:59:13PM +0200, Bastian Blank wrote:
> I'm currently not able to see the problem to push a _fix_, not a
> _workaround_, through stable-security. Please explain.

Pushing a fix to stable-security is easy -- we can patch the needed permission
into refpolicy and ship it out as an update (http://tinyurl.com/5m3oza has a
set of patched packages to do that).  The problem is that with the way the
refpolicy packages work today, this will fix only new installations;
preexisting ones will stay broken.  That will take a little time, and I don't
want to do it without some testing and review, if at all possible with the
refpolicy maintainers themselves -- mistakes in selinux configuration could
either screw us now or set us up for trouble in the future.

In the interim, we can address questions about the near-term breakage with a
documented workaround.  I've drafted one such here:

        http://wiki.debian.org/SELinux/Issues/BindPortRandomization

Edits and clarifications, as well as input on a long-term fix, would be
welcome.


- -- 
Devin  \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIfFh3U5XKDemr/NIRAmP2AKCZFYeDzyNYtfrlw5falDubIQZO6gCfQWZi
/rV6aSMzAyt2mZHmBB/1qbo=
=jlYt
-----END PGP SIGNATURE-----


