[DSE-Dev] Future of refpolicy

Mika Pflüger debian at mikapflueger.de
Sun Sep 29 18:52:46 UTC 2013

Hi Russel,

Dominick Grift, Laurent Bigonville and me have been working on getting
upstream refpolicy into shape for debian. Especially dgrift got tens of
patches written for upstream refpolicy last week (you might have read
it in refpolicy ml) and bigon made packages of upstream refpolicy [1].
We talked about the future of refpolicy in debian (over in #selinux at
freenode) and for us it seems the best option forward is to package
upstream, i.e. dropping all patches from the debian package. We do not
seem to have the resources to package new upstream refpolicy releases
maintaining all the patches in debian, so I think we are better of
starting from upstream. Also, many of the debian patches have been
upstreamed last year (although some are missing, like the useful lda
patches) and by going an "upstream first" route we possibly can have
very recent refpolicy versions in debian (in contrast to the current
situation, where we have a version of refpolicy in debian that was
released over three years ago). What do you think?

Back in June you said you were also working on policy in debian. How is
going? We should maybe coordinate efforts, such that we get useful
patches upstreamed asap and don't duplicate work.



[1] http://people.debian.org/~bigon/refpolicy/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20130929/6d0fb429/attachment.sig>

More information about the SELinux-devel mailing list