| 1 |
I think that there are very many distributions build on that premise, however this
|
| 2 |
is not really a goal of gentoo-hardened for this reason: Gentoo is based
|
| 3 |
on availability of choice. We will provide applications considered secure (those
|
| 4 |
listed are all in portage) but we won't restrict users to anything.
|
| 5 |
|
| 6 |
The gentoo-hardened project is to build a security hardened distribution using
|
| 7 |
known security mechanisms and tools available. That includes ACL's MACS,
|
| 8 |
auditing, chrooting, stack protection, adding security patches wherever possible
|
| 9 |
et al. in theory once an installation is complete one could give out their root
|
| 10 |
password and not worry about any problems (russell coker provides the root
|
| 11 |
password to his selinux play machine to demonstrate the security provided
|
| 12 |
by selinux, this machine hasn't been compromised at all.
|
| 13 |
|
| 14 |
We will be handling documentation, and we can certainly give our opinions
|
| 15 |
or widely thought beliefs about the security impacts of certain applications.
|
| 16 |
|
| 17 |
Also, I am a fairly security aware person, but i do not share your sentiment about
|
| 18 |
djb's work so I find it hard to recomment his software to users. This is not
|
| 19 |
an opinion formed about the security of his products, the opinion is based
|
| 20 |
on his treatment of the opensource world, and the non-rfc compliance of his
|
| 21 |
applications. This IS a personal opinion so i don't want a flamewar on this list,
|
| 22 |
if you wish to flame me come to irc and scream all you want :)
|
| 23 |
|
| 24 |
Joshua Brindle
|
| 25 |
|
| 26 |
>>> <dscott@×××××××××××.com> 03/19/03 04:14PM >>> |
| 27 |
Hello All,
|
| 28 |
|
| 29 |
My thought:
|
| 30 |
I would like to see a secure distribution that would strongly encourage users to use proven audited applications and daemons.
|
| 31 |
ie: qmail, djbdns, pure-ftpd, etc etc.
|
| 32 |
|
| 33 |
D. |
Archives