[vote] release OpenWrt 21.02 with additional SELinux SDKs and IBs

Dominick Grift dominick.grift at defensec.nl
Thu Mar 18 13:01:37 GMT 2021 


On 3/18/21 1:32 PM, Daniel Golle wrote:
> On Thu, Mar 18, 2021 at 12:53:43PM +0100, Dominick Grift wrote:
>>
>>
>> On 3/18/21 12:50 PM, Daniel Golle wrote:
>>> Hi Dominick,
>>>
>>>
>>> On Thu, Mar 18, 2021 at 09:13:46AM +0100, Dominick Grift wrote:
>>>> ...
>>>>
>>>> I kind of like the idea of turning the tables and make it opt-out
>>>> instead of opt-in, and again as long as it only affects master then I
>>>> see no issues with that at all because if someone does not like it then
>>>> he can just disable it in menuconfig.
>>>>
>>>> ...
>>>
>>> Sorry, but you have misunderstood my proposal.
>>> I am NOT suggesting to enable SELinux by default for anyone.
>>> Just offer additional (ie. opt-in) ImageBuilder and SDK to allow
>>> people to generated SELinux-enabled firmware if they like to, without
>>> having to build everything from source and with the option to receive
>>> binary updates from openwrt.org.
>>>
>>
>> No, I understood very well I believe. My reply was to Petr's "D option".
>>
>> I might have misunderstood his "D option"
> 
> Or maybe I did...

I suspect that you and I have pretty much the same idea but slightly
different.

I think we both want to make this functionality discoverable to a wider
audience. (easier to try out, so that we get some more feedback)

For me the goal is to get feedback from users so that the configuration
can be refined and more use-cases can be supported.

I understood Petr as saying, just enable selinux by default in master
branch only and then by the time a new version is branched we can
determine if the implementation is good enough to be enclosed with the
next version by default.

But I might have misinterpreted. if so that I have no clue what he meant.

I like that idea because then people that use master branch (which is
the development community) will get exposed to selinux whilst they still
have option to opt-out and then hopefully we get some meaningful
feedback that we can use to develop the configuration further.

As I understand it, you take a slightly different view, as you want to
provide pre-built IB's and and SDK's.

That works for me as well because that also lowers the barrier of
entrance (leading to feedback). However as Petr indicated it might be a
bit too late for that for the 21-something version now.

I just want some feedback (and I don't really care how I obtain it)
because the policy is pretty "stable" right now for the basic use cases
and for my personal use case. At the same time I know there is still a
lot of potential but I will not be able to tap that potential as i do
not have access to resources needed to test it out (i dont have IPTV, i
dont have multi-wan, i dont have an XBOX for upnp, i dont have a VOIP
telephone etc etc.

> 
> _______________________________________________
> openwrt-adm mailing list
> openwrt-adm at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-adm
>

More information about the openwrt-adm mailing list