On Monday, 01 April 2013 at 12:29 +0530, Dhiru Kholia wrote:
> On 03/29/13 at 08:47pm, Björn Persson wrote:
> > > 2. An alternate approach is to come up with an expanded list of packages
> > > which should be hardened.
> >
> > Since FESCo maintains a list, I suppose anyone can propose specific
> > programs to be added to the list, but it seems pointless to explicitly
> > list programs that are already covered by the first three criteria.
>
> I agree that it seems pointless (and tedious) to explicitly list
> programs which are already covered.
>
> However, many packages (like PostgreSQL, Dovecot and MongoDB) meet the
> criteria but still are not getting hardened. I am not sure about the
> underlying reasons (oversight / performance concerns / etc.).
>
> What would be a good way to solve this problem in your opinion?
> (File bugs / Explicitly list such packages / Turn on hardening by default)

I would file bugs, and list those that were checked on a wiki page, along
with a link to the bug and a date, and revisit the reason on a regular basis.

> It would be great to have some sort of automated method to find if
> hardening criteria applies to a particular package. Ideas are welcome!

You can take a look at http://people.redhat.com/sgrubb/security/ , there is
a script rpm-chksec to verify that.

-- 
Michael Scherer
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
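The rpm-chksec script the reply points to inspects the binaries in a package for the properties the Fedora hardening criteria care about (PIE, RELRO plus BIND_NOW, a non-executable stack). The following is an added example, not sgrubb's script (which drives readelf and rpm) and not part of this thread: it reads those properties straight from the ELF64 header, program headers and dynamic section with only the Python standard library, so it can be run over any unpacked binary to decide whether a package is actually getting hardened. It assumes ELF64 input (32-bit images are rejected), and the two sample images it checks are constructed in memory with a small builder rather than taken from a real package.

```python
"""Report the hardening properties rpm-chksec checks (PIE, RELRO, BIND_NOW,
non-executable stack) directly from an ELF64 image, stdlib only.
Added example; not the rpm-chksec script itself."""
import struct
from dataclasses import dataclass

# ELF constants (System V ABI / glibc elf.h)
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO = 2, 3, 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000


@dataclass
class Hardening:
    pie: bool        # position-independent executable, so ASLR can relocate the image
    relro: str       # "none", "partial" (PT_GNU_RELRO) or "full" (RELRO + BIND_NOW)
    nx_stack: bool   # PT_GNU_STACK present and not marked executable

    @property
    def hardened(self) -> bool:
        return self.pie and self.relro == "full" and self.nx_stack


def elf64_hardening(data: bytes) -> Hardening:
    """Parse the ELF header, program headers and dynamic section of an ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("only ELF64 images are handled in this example")
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian, 2 = big-endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)

    has_interp = has_relro = False
    stack_exec = True       # without PT_GNU_STACK the kernel grants an executable stack
    dyn = {}
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            end + "IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_GNU_STACK:
            stack_exec = bool(p_flags & PF_X)
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from(end + "qQ", data, off)
                if tag == DT_NULL:
                    break
                dyn[tag] = val

    bind_now = (DT_BIND_NOW in dyn
                or bool(dyn.get(DT_FLAGS, 0) & DF_BIND_NOW)
                or bool(dyn.get(DT_FLAGS_1, 0) & DF_1_NOW))
    # Shared libraries are ET_DYN as well; an executable is told apart by its
    # PT_INTERP (or by the DF_1_PIE flag that newer linkers set).
    pie = e_type == ET_DYN and (has_interp or bool(dyn.get(DT_FLAGS_1, 0) & DF_1_PIE))
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    return Hardening(pie=pie, relro=relro, nx_stack=not stack_exec)


def check_file(path: str) -> Hardening:
    """Convenience wrapper for a binary on disk, e.g. one extracted from an RPM."""
    with open(path, "rb") as fh:
        return elf64_hardening(fh.read())


def build_elf64(e_type: int, segments, dyn_tags) -> bytes:
    """Constructed fixture: a minimal little-endian ELF64 image with the given
    program headers and dynamic entries. Not loadable; it only exercises the parser."""
    phdrs = list(segments) + [(PT_DYNAMIC, 0x6)]
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in list(dyn_tags) + [(DT_NULL, 0)])
    dyn_off = 64 + 56 * len(phdrs)          # dynamic section follows the phdr table
    phdr_bytes = b""
    for p_type, p_flags in phdrs:
        off, size = (dyn_off, len(dyn)) if p_type == PT_DYNAMIC else (0, 0)
        phdr_bytes += struct.pack("<IIQQQQQQ", p_type, p_flags, off, 0, 0, size, size, 8)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9),
                       e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return ehdr + phdr_bytes + dyn


# Constructed sample images: a fully hardened PIE, an executable with only partial
# RELRO, and an old-style executable with an executable stack and no RELRO at all.
HARDENED = build_elf64(ET_DYN,
                       [(PT_INTERP, 4), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)],
                       [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW | DF_1_PIE)])
PARTIAL = build_elf64(ET_EXEC, [(PT_INTERP, 4), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)], [])
UNHARDENED = build_elf64(ET_EXEC, [(PT_INTERP, 4), (PT_GNU_STACK, 7)], [])

if __name__ == "__main__":
    for name, img in (("hardened", HARDENED), ("partial", PARTIAL), ("unhardened", UNHARDENED)):
        print(name, elf64_hardening(img))
```

Run against the binaries unpacked from a package (rpm2cpio piped to cpio, then check_file on each ELF), the three fields map onto the criteria a maintainer has to justify: a "partial" RELRO result means the package was built without -Wl,-z,now, and pie False on an ET_EXEC means the hardened build flags were not picked up at all.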