| 1 |
On Thursday 04 September 2003 21:10, Jan Krueger wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> is there a guide like |
| 5 |
> http://www.openbsd.org/porting.html#Security |
| 6 |
> in progress? available? |
| 7 |
|
| 8 |
uhh we have gentoo-hardened ... not sure what you're asking about ... |
| 9 |
|
| 10 |
> Or even better tools bundled in a "esecurity_check": |
| 11 |
|
| 12 |
putting this in an ebuild to be run everytime a pkg is unpacked is kind of |
| 13 |
dumb (no offense meant) ... we have no 'automated' ways for portage to scan |
| 14 |
source code looking for potential security issues, nor should there be ... |
| 15 |
the responsibility lies on the upstream author and the gentoo maintainer, and |
| 16 |
it should stop there ... |
| 17 |
perhaps creating tools for developers to use when testing out a new pkg would |
| 18 |
be feasible ... then again i think if you want a 'secure' box you should |
| 19 |
follow the excellent work the gentoo-hardened team has put together ... |
| 20 |
-mike |
Archives