
Re: join us!



> You have made up for this, however, by letting us know a more detailed review
> is forthcoming. Maybe I'll get a little team together to go thru your site
> and get what we can from it, and file bugs that seem to violate principles.
> Umm, thanks for that.

http://www.securityportal.com/lskb/ - 150+ articles on Linux security, a lot
of stuff Debian could do to really secure the distro (filesystem layout for
example).

> On the -other- hand... you do nothing but bring up good points. Before
> the resource of your site, the only things we had to go on were bugtraq,
> cert and being slammed by occasional hackers on an individual basis,
> gathering whatever info remained in the aftermath and (again) filing
> bugs against packages.

Actually something else very good for Linux security we will be announcing
next Monday (I'd announce it this Monday except I'll be on the road, which
would make my life exceedingly busy/difficult =).

> See if you agree:
>
> If I had my way, this idea of a package called base-passwd with lots
> of sys accounts, would go -away-. The only way a system account should
> be created is if a package gets -installed- that requires it.

That would be good. OTOH creating accounts that are not active and locked
out, i.e. postfix accounts so that file ownership is correct, or "nobody" or
"squid" is ok.

-Kurt
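
The check implied by the exchange above, as an added example that is not part of the original message: it audits passwd/shadow data for system accounts that are not locked out. The sample lines are constructed, and the UID cutoff of 1000 and the list of non-login shells are assumptions.

```python
# Added example: find system accounts that exist for file ownership but can log in.
# All passwd/shadow lines below are constructed sample data, not from a real host.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}  # assumed list

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
postfix:x:101:104::/var/spool/postfix:/usr/sbin/nologin
squid:x:102:105::/var/spool/squid:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
postfix:!:19000::::::
squid:*:19000::::::
nobody:*:19000::::::
backup:$6$constructed$hash:19000::::::
alice:$6$constructed$hash:19000:0:99999:7:::
"""

def password_locked(field):
    # A leading "!" or "*" means no password can ever match this entry.
    return field.startswith(("!", "*"))

def audit(passwd_text, shadow_text, first_human_uid=1000, skip=("root",)):
    """Return {account: [problems]} for system accounts that are not locked out."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    findings = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue  # skip malformed lines
        name, uid, shell = parts[0], int(parts[2]), parts[6]
        is_system = uid < first_human_uid or name == "nobody"
        if not is_system or name in skip:
            continue
        problems = []
        # A missing shadow entry is reported too, so it gets looked at.
        if not password_locked(shadow.get(name, "")):
            problems.append("password not locked")
        if shell not in NOLOGIN_SHELLS:
            problems.append("login shell " + shell)
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_SHADOW))
```
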


