------------------------------- Wed Jun 19 06:34:00 PM EDT 2024 ------------------------------- Transcript of Chat box from BLU meeting, Wed, Jun 19. 2024 Meeting held online via Jitsi Meet In attendance (17 total): Speaker(s): * Neil Hanlon (Rocky Linux) BLU officers: * John Abreau * Jerry Feldman * Bill Ricker Attendees (named): * Brandon Vogel * Brendan Kidwell * Chris Allen * Edward Piecewicz * Emilio Panighetti * Randy Cole * Robert Luoma * Taylor Goodwill (Rocky Linux) * Ted Rodgers Attendees (anonymous): * cow * lex (Rocky Linux) * MiraSkies2 * tdr ---------------------------------------------------------------------------- tdr says: wplug.org 18:46 ---------------------------------------------------------------------------- cow says:Hello! cow says:How is everyone? cow says:I do dude! cow says:(I know tdr from irc) cow says:Yea just have a bit of fun in the gentoo irc places cow says:Oh nice, nothing quite like free cookies 18:52 ---------------------------------------------------------------------------- Jerry Feldman Jerry Feldman says:Yum 🙂 18:54 ---------------------------------------------------------------------------- cow says:I sometimes do that with SELinux, write policies a bit too strong on production 😛 18:59 ---------------------------------------------------------------------------- tdr says:MiraSkies is also from the UK. North of London. Cow is SE of London. 19:09 ---------------------------------------------------------------------------- Jerry Feldman says:Welcome to the UKers 19:09 ---------------------------------------------------------------------------- cow says:😄 than ks cow says:It's wild over here, that's for sure cow says:that'd be nice to see 19:13 ---------------------------------------------------------------------------- Bill Ricker says:ROWLEY catches my attention , 19:13 ---------------------------------------------------------------------------- Brandon Vogel says:FYI BLU Rocky Linux was focus in August 2021 meeting: https://blu.org/cgi-bin/calendar/2021-aug 19:29 ---------------------------------------------------------------------------- lex (Rocky Linux) says:❤️ 19:40 ---------------------------------------------------------------------------- Brandon Vogel says:No specific questions but that was a great update on Rocky - thanks! 19:48 ---------------------------------------------------------------------------- Edward Piecewicz says:Thank you. 19:48 ---------------------------------------------------------------------------- cow says:May I ask a question? 19:54 ---------------------------------------------------------------------------- Jerry Feldman says:Yes 19:54 ---------------------------------------------------------------------------- cow says:In terms of SELinux support, RHEL and derived distros generally have fairly good SELinux support. How does Rocky manage extracting RHEL's policy? Do they fork off upstream SELinux refpolicy? Do they roll their own completly seperate from RHEL? And how does Rocky integrate into more secure enviroments where a tighter SELinux policy (possibly an entirely custom one)? In portage we have an SELinux eclass to help facilitate that, not sure if rocky provides anything similar Ah okay that's neat, thanks for the answer 19:56 ---------------------------------------------------------------------------- Brandon Vogel says:Any idea if there will ever be an installation option for Rocky (security policy maybe) that will come out pre-STIG-ed or at least better-STIG-ed? Or is there an Ansible script for this already like with RHEL? Brandon Vogel says:That's really good info - thanks. I'll try to use the DISA playbook for RHEL on Rocky next week and see how it compares after a SCAP scan to RHEL. Brandon Vogel says:Too lazy for that. 19:59 ---------------------------------------------------------------------------- cow says:A question regarding rpm's from someone that doesn't really work with binary formats myself, any noteably advantages over dpkgs in your opinion? cow says:lmao, yea thanks for the answer again cow says:oof, snaps 20:05 ---------------------------------------------------------------------------- Chris Allen says:sudo apt-get remove snapd 20:06 ---------------------------------------------------------------------------- cow cow says:there were struggling to find anything good about snap to talk about! /s 20:07 ---------------------------------------------------------------------------- lex (Rocky Linux) says:same 20:07 ---------------------------------------------------------------------------- Neil Hanlon (Rocky Linux) says:😛 20:07 ---------------------------------------------------------------------------- Randy Cole says:Oh Snap! 20:10 ---------------------------------------------------------------------------- cow says:I have an issue with Snap and Flatpak regarding that cow says:It isn't exactly mandatory which is my personal issue cow says:(regarding the entire user session), more the user opts into downloading sandboxed applications cow says:macOS implements it the nicest dynamically with it's tcc imho cow says:SELinux is very powerful too in that regard for confined user sessions, but a lot less dynamic cow says:Oh nice selinux developer! cow says:I'm more in the Gentoo circles for SELinux, patching up a few things in our refpolicy 😃 20:12 ---------------------------------------------------------------------------- Chris Allen says:Hey All, I need to take off for the evening. Great talk Chris Allen says:ttyl! 20:15 ---------------------------------------------------------------------------- cow says:l;ater! cow says:gonna dip myself too 20:18 ---------------------------------------------------------------------------- meeting ended at 8:20 pm