He already commented on that 10 years ago (see the start of https://www.networkworld.com/a... about Canonical ).
It is interesting how FSF and RMS have pioneered the idea of shunning in the free software community, but how suddenly this is a problem when they are the target.
FSF also need to pay for lawyers. They usually do not work for free either, and finding a competent one is already hard, so finding one able to work with RMS (who is notoriously hard to work with, I think no one deny that ) and pay them less than private sector while being in Boston is going to be quite impossible with less money.
Given some of RMS suggestions (like https://www.gnu.org/philosophy... ), and some of the FSF self consistent and highly problematic takes (like https://lists.gnu.org/archive/... , I can see why they do that, but I can also see how problematic it is to disable errors message and so push people to get new hardware to correct firmware issues), the question also apply on what can happen with a GPL v4 where the FSF apply this line of reasoning.
Technically, dictators didn't really care that much in the past either way. They do ignore criticism in all case.
I think the idea is to have your own on-demand cloud and server, ie for internal customers in big company.
I see more someone saying "OMG NSA is so stupid" rather than someone trying to tarnish Snowden reputation.
You can fully divide the admin task with selinux like having 1 admin who can disable selinux ( or rather "update the policy" ), and having another doing operational stuff ( like logging as root ). So technically, the first one can disable protection for the 2nd one, but cannot do much by itself. And with protected physical access, you can pretty much have a rather locked down system. Not protected against 2 rogue admins, of course, but being protected against 1 is already better than most systems.
And regarding environment where SELinux is used ( besides targeted ), you can take a look at the openshift service from RH, they do use it a lot to separate users. But you are right that for most people, using more than targeted policy is a bit overkill, since people do not care that much about security ( and when they do care enough to not disable selinux, firewall and everything that make stuff so hard ).
Bash is slow.
Also, bash is not a real language. You will start talking about programming in bash when it will have a proper namespacing system, because even php got namespace support.
Not to mention the need for forking a gigantic amount of software as soon as you want to make anything relevant such as parsing output of any others process, because bash is also unable to understand any complex data structure.
That's a fine language for those whose programming is not a job, and for small software, but as soon as you talk something more critical like the boot of a modern system, bash is holding change, due to various problem ( like a total lack of testing framework, and a given the fact that no one wrote one, lack of will to write one from the whole community of bash aficionados ). Any kind of network operations is just a hack, trying to put everything under the unix pipeline model ( like the whole
Systemd unit file are vastly more easier to edit and go straight to the point, you declare the binary and it fucking take care of the rest. That's why we invented computers, to do stuff, not to force us to do their work.
So that would be a problem of Cadence if they decide to only support RHEL instead of SLES, not of Red Hat.
interlard - vt., to intersperse; diversify -- Webster's New World Dictionary Of The American Language
