Gentoo = Choices, Risk Ranking System
I agree with Aaron about the merging of Gentoo's vision (choice) with established, successful, advanced security features [my adjectives]. However, if we bring reasonable choices to the hardened flavor of Gentoo, will it be difficult to tell the difference between a "lightly" hardened version and a regular version that has security "tweaks"?
How do we communicate to Gentoo users meaningful information that helps them make informed decisions regarding configuration/upgrade options?
dscott@... writes "Encouraging users to use applications that have a solid history .."
I have a crazy idea .. establish a "review board" that ranks packages (and combinations of packages) as low, medium, and high security risk using a simple voting system combined with historical evidence/record. After all, the security of a particular configuration is difficult to rank on an absolute scale, and perhaps many might appreciate the advice of those more familiar with the packages and advanced security issues before they make a decision on which version (or configuration options) to upgrade/change to. Maybe the system could ask the user to prioritize security issues before producing a customized risk rank? For example, ask the user to identify their personal security preferences (package conform to RFCs, chroot, avoid using TCP/IP sockets, never run any executable as root, all source code must be open, etc.).
Upgrade to ? Version
> frustrations from administrators who would like to be able to update their packages with
> the necessary security/bug patches without upgrading to the new version.
OpenSSL is an excellent example. Several serious security flaws were discovered as 0.9.6 matured (from 0.9.6a to 0.9.6i). Many administrators would consider it folly to upgrade from a relatively proven 0.9.6i to 0.9.7a, b, ? .. so foolish that the hardened version of Gentoo might not be an option for them, if updates are forced too far into the bleeding edge (even if the builds are claimed stable).
Finding Critical Mass
> However I also feel that if it is made easy for Gentoo users to update with _all_ security
> patches, the Hardened options would be that much more attractive.
On Monday another serious flaw was found in the latest 0.9.6 and 0.9.7 branches, affecting most OpenSSL apps, including Apache with SSL. The scope of impact is broad. By simultaneously considering the security needs of the entire Gentoo community along with those desiring a hardened version, I sincerely think successful critical mass is much more likely through a broader appeal. Also, supporting hardening through options, rather than fully separate packages, avoids the potential of evolving yet another distro (e.g. without the critical mass needed to sustain quality).
Another 2 cents,