On Fri, 18 Jun 2010 00:35:19 +0200, Miah Johnson <miah@chia-pet.org> wrote:
> Things to remember:
> 1. There is no such thing as "secure".
> 2. Proper security consists of multiple layers of defense.
>
> Additional examples of things the AST could do:
> 1. Propose changes to default configuration files to be "more secure", and have more documentation around setting up services in a more secure fashion.
> 2. Assist with SELinux & GRsecurity projects.
> 3. Propose changes to initscripts to make sure software drops privileges and chroots where possible, or at least make it easier to enable such features.
> 4. pie / ssp
> 5. PaX
> 6. Audits

First of all, please don't top post. It is really annoying.

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Back on topic: Start a security team while there isn't anything like secure? Alright, I get the point, but I guess Arch has the natural ability to become stable faster just because of the bleeding edge. Software bugs get tackled faster, patches are quickly spread, not waiting for months like many other distros. I know running the newest code doesn't mean secure, but that choice is up to the user (check the svn and use abs and so on).

Other examples, hmm. You can still propose changes; you don't need a team to write a patch for a configuration file or the initscripts. SELinux is not even in community, maybe apply for becoming a TU for it? Or help out at Fedora or wherever it is developed? I don't know much about GRsecurity/PaX/SSP/Audits, but check the Wiki and try to help out there, discuss it there. People who are interested should be following those pages and contribute, the same for SELinux. The Wiki pages look really nice. I don't know pie, but that would probably have something to do with GRsecurity too.

I guess most of the things are already there, some people want to give it a name. I'm not stopping you from a team, but I just don't believe in it after seeing so many fails. (I'm not a Dev nor a TU, just giving my opinion.)

--
To read: http://en.wikipedia.org/wiki/Posting_style#Bottom-posting