Re: Expanding the list of "Hardened Packages"

On Monday 01 April 2013 at 12:29 +0530, Dhiru Kholia wrote:
> On 03/29/13 at 08:47pm, Björn Persson wrote:
> > > 2. An alternate approach is to come up with an expanded list of packages
> > > which should be hardened.
> >
> > Since FESCo maintains a list, I suppose anyone can propose specific
> > programs to be added to the list, but it seems pointless to explicitly
> > list programs that are already covered by the first three criteria.
> >
> 
> I agree that it seems pointless (and tedious) to explicitly list
> programs which are already covered.
> 
> However many packages (like PostgreSQL, Dovecot and MongoDB) meet the
> criteria but still are not getting hardened. I am not sure about the
> underlying reasons (oversight / performance concerns / etc.).
> 
> What would be a good way to solve this problem in your opinion?
> (File bugs / Explicitly list such packages / Turn on hardening by default)

I would file bugs, and list those that were checked on a wiki page,
along with a link to the bug and a date, and revisit the reason on a
regular basis.

> It would be great to have some sort of automated method to find if
> hardening criteria apply to a particular package. Ideas are welcome!

You can take a look at http://people.redhat.com/sgrubb/security/ , there
is a script rpm-chksec to verify that.

-- 
Michael Scherer
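
An automated check of the kind asked for above, as an added example that is not part of the original thread and is not rpm-chksec's code: it reads an ELF image's program headers and dynamic section and reports whether the binary is a PIE and whether it has full, partial or no RELRO. Assumptions: "hardened" is taken to mean PIE plus full RELRO (immediate binding), only 64-bit little-endian ELF is handled, and `check_hardening` and `build_sample` are hypothetical names, the latter producing constructed headers-only test images.

```python
import struct

# ELF constants from the gABI and GNU extensions.
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000

def check_hardening(data):
    """Classify a 64-bit little-endian ELF image: PIE or not, RELRO full/partial/none."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF image")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    interp = relro = now = pie_flag = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            interp = True
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            # The dynamic section is a run of 16-byte (tag, value) pairs ended by DT_NULL.
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == 0:
                    break
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW):
                    now = True
                elif tag == DT_FLAGS_1:
                    now = now or bool(val & DF_1_NOW)
                    pie_flag = bool(val & DF_1_PIE)
    # Heuristic: ET_DYN plus an interpreter (or DF_1_PIE) means PIE, not a plain shared object.
    pie = e_type == ET_DYN and (interp or pie_flag)
    return {"pie": pie, "relro": "full" if relro and now else "partial" if relro else "none"}

def build_sample(e_type, seg_types, dyn):
    """Constructed input: a headers-only ELF image with the given segments and dynamic tags."""
    dyn_blob = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(0, 0)])
    dyn_off = 64 + 56 * len(seg_types)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(seg_types), 0, 0, 0)
    phdrs = b"".join(struct.pack(
        "<IIQQQQQQ", t, 4, dyn_off if t == PT_DYNAMIC else 0, 0, 0,
        len(dyn_blob) if t == PT_DYNAMIC else 0, 0, 8) for t in seg_types)
    return hdr + phdrs + dyn_blob
```

On real packages the same function can be fed the bytes of each executable a package installs; a result other than PIE with full RELRO marks a candidate for a bug report.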
