Re: Proposed: task-secure-system package
Sean 'Shaleh' Perry <shaleh@valinux.com> writes:
>> Then it could suggest/recommend/depend on the installation of other things
>> that enhance security.
SP>
SP> realize the ONLY tool in debian which handles recommends or suggests is
SP> dselect. tasksel only deals with depends, as does apt.
SP>
SP> I am also concerned about the Conflicts: line this package will
SP> have. It will be at least 20 packages long. Can apt handle this
SP> without seriously breaking your box?
SP>
SP> What about Conflicts: uses-clear-text-password (-:
I have a couple of quick thoughts about this package:
(1) This package is only worthwhile if people are running the most
current version of it, since if it's going to Conflict with a
version of a package with a security flaw, there's probably a
newer version of it. In other words, using it to keep your system
secure involves periodically updating it, which is probably
equivalent to periodically updating your system in general
anyways.
(2) This package seems a great way to give people a false sense of
security: "Of course my system is secure, I have the
task-secure-system package installed on it!" UNIX security is a
Hard Problem, and it's probably not a good idea to try to make
people think otherwise.
--
David Maze dmaze@mit.edu http://www.mit.edu/~dmaze/
"Theoretical politics is interesting. Politicking should be illegal."
-- Abra Mitchell
Reply to: