On Thu, May 29, 2008 at 12:56:19PM +0200, Lucas Nussbaum wrote: > What's the status of this patch? Are you still interested in getting > this into developers-reference? I haven't worked in this patch since I last sent it. I included it in the Debian Security Manual, since there was no response here. Currently up at http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html > I generally agree that such a section would be a good idea, at least the > first part (Best practices for security review and design). I'm not > quite sure about the second part (System users and groups for software > daemons), because it's quite long, and if we take that path, there are > other things that should be documented in the same way. Well, the second part could go to the Manual, or rather, stay there. Some developers oppose to having code in the documentation (don't blame them actually) so it might be better to have that in a separate location. Actually, the best place for it would be a tool (ala debhelper). Regards Javier
Attachment:
signature.asc
Description: Digital signature