danwalsh: Linux fragmentation - a view from the Security community
Dan Walsh points out in danwalsh: Linux fragmentation - a view from the Security community that we are heading for fragmentation in Linux Security , that's really not a good thing. I can't comment on the technical App Armor side yet but I think he really has some valid points here.. lots of people have been using SELinux and learning it for ages now, there indeed was the need for making SELinux easier to manage however we didn't need a totally ne environment.
Apart from that you might remember my comments on Security and Easy configuration regarding to firewalling. I think it also applies to MAC. If you make stuff to easy to configure you will get Mr Joe Random Newbie who thinks he correctly configured something but actually opened up a whole lot more than he actually wanted to. A security tool really shouldn't be something that can be used by novice users easily, maybe they should realise that the topic is too diffficult for them and get some help from people who actually understand what they are doing.
On the other hand there is the Learning normal behaviour
vs Learning Anomalies
strategy,
which one do you prefer ?
I`m interrested to see how other distributions will catch on with App Armor, how soon will we see packages for Ubuntu / Fedora / Mandriva etc.. time will tell wether , and usually the best package survives, I`ll keep looking at both sides :)
On a side note, has anyone got statistics on the chances that a proprietary project gone open grows a real community vs an open source project from day 1 ?