Global secure install requested flag(Re: Task harden.)
Ola Lundqvist wrote:
> There is no recommends: ! foo
Maby this needs to be corrected to properly implement security.
> > - make each package as secure as possible by default (balanced against
> > usability).
> Well I assume that this is already the case. That effort are put
> on every package.
Why not have a global "SECURE_INSTALL_REQUESTED" flag for package
install scripts so they can modify their install to be secure if
asked for. For instance a game that would normally have a daemon
started at each boot would instead reconfigure to only start the
daemon on demand from a local script. The base network package
could instead install a configuration file set that is heavily
restrictive.
--
| Bryan Andersen | bryan@visi.com | http://softail.visi.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
Reply to: