On Thursday 04 September 2003 21:10, Jan Krueger wrote:
> Hi,
>
> is there a guide like
> http://www.openbsd.org/porting.html#Security
> in progress? available?

uhh we have gentoo-hardened ... not sure what you're asking about ...

> Or even better tools bundled in a "esecurity_check":

putting this in an ebuild to be run every time a pkg is unpacked is kind of
dumb (no offense meant) ... we have no 'automated' ways for portage to scan
source code looking for potential security issues, nor should there be ...
the responsibility lies on the upstream author and the gentoo maintainer, and
it should stop there ...
perhaps creating tools for developers to use when testing out a new pkg would
be feasible ... then again i think if you want a 'secure' box you should
follow the excellent work the gentoo-hardened team has put together ...
-mike