I was reading through the guidelines for packages and reviews yesterday when I was planning on handling some package review requests when it came as a surprise I could find nothing at all about selinux.
In #fedora-devel sgallagh kindly let me know the present situation is not working with selinux enforcing is not a blocker to a review if it's not shipping on any blocking media, partially due to the high barrier to entry and partially due to a chicken/egg situation.
I wanted to suggest an addition to the Packaging Guidelines that makes this clear and to the Review guidelines to add to the SHOULD criteria something like:
The application should run with selinux enforcing, if it does not a ticket should be filed against selinux-policy
That way at least we can begin tracking which packages (okay it's new packages as a new review guideline ... but still) cause users to disable the security provided by selinux and act to provide policy for these where required.
We discussed this at this weeks meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2016-06-23/fpc.2016-06-23-16.00.txt):
Metadata Update from @james:
- Issue assigned to james
Metadata Update from @tibbs:
- Issue close_status updated to: None
- Issue tagged with: draftneeded
Closing in favor of #726.
Metadata Update from @ignatenkobrain:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)
to comment on this ticket.