List Archive: gentoo-hardened
Headers:
To: <gentoo-hardened@g.o>
From: "Jerome Brown" <jerome@...>
Subject: My Thoughts
Date: Thu, 20 Mar 2003 15:49:28 +1200
A few thoughts from my point of view...

Is there a ground of support for some of the security options that have
been circulated in the forums - e.g. having the ability to apply patches
to software without having to upgrade to a newer version, and to do so
with an 'emerge -u world' style command? This to me seems to be
something that would go hand in hand with the Hardened aspect that is
being worked on. I have heard of a number of frustrations from
administrators who would like to be able to update their packages with
the necessary security/bug patches without upgrading to the new version.
I feel that this could be incorporated within the current release system
(-rXX), with an option within something like make.conf that specified
not to upgrade a major release (i.e. a change in the x.y.z notation).
This may mean that some of the current -r numbering needs to be looked
at, as the best example that I have of the distributor's package
numbering being changed without the Gentoo package number being changed
is the 2.4.19 gentoo-sources, where the sources prior to 2.4.19-r7 are
all 2.4.18 based. This caused me lots of confusion as the 2.4.19 stock
kernel's implementation of Highpoint/Promise raid broke.

I know that everyone thinks that the administrator should keep up with
bugs via the GLSAs etc., and I agree completely. However, I also feel
that if it is made easy for Gentoo users to update with _all_ security
patches, the Hardened options would be that much more attractive.

The other question that I had is, with regards to chroot()ing services,
are there going to be separate 'hardened' ebuilds for these, or will
they incorporate the chroot() option as a USE flag, and the ebuild puts
files in a different location, with a different setup than for the
default install? I see both of these options as having their advantages
and drawbacks, and both have the potential to get very messy.

Just my 2c. I welcome comments/discussions/disagreements, but no flames
please :)


Jerome Brown
Systems Administrator
Ashburton Trading Society
97 Burnett Street
PO Box 131
Ashburton
Ph:    +64 3 308-1306
Fax:   +64 3 308-1308
Email: jerome@...
--------------------------------------------
"There is no 'patch' for stupidity" 

--
gentoo-hardened@g.o mailing list

Replies:
Gentoo = Choices, Risk Ranking System, Upgrade to ? Version, Finding Critical Mass
-- Gavin Vess
Re: My Thoughts
-- Aaron Held
Updated Jun 17, 2009

Summary: Archive of the gentoo-hardened mailing list.
