
Re: Security through paranoia 2, with proposal...



* Ola Lundqvist 

| Depends: apache-ssl | apache_mod-ssl (if apache), 
| 
| But maybe that is too hard to implement, or?

Virtual packages.  The same way that apache and boa provide httpd,
there is nothing saying that one can't have 'httpsd' as well, which is
provided by apache-ssl, libapache-mod-ssl, boa-ssl (except that
boa-ssl doesn't exist ;).  (For this particular case, which IMHO would
be solved in a cleaner way with virtual packages than with if-based
dependencies).

| So with this approach a task-harden control file could look
| something like this: (not complete!)
| 
| Depends: apache-ssl | apache_mod-ssl (if apache), uw-imap-ssl (if uw-imap) ...
| Conflicts: telnetd
| Recommends: ! talkd
| Suggests: kernel-image-2.4.2-harden

IMHO it should only conflict, it shouldn't depend on apache-ssl, for
instance.  If this is a mail or DNS server, I might want to install
task-harden without installing a web server.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
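
Added example (not part of the original message, and not dpkg's own code): a toy model of how a virtual package satisfies a dependency, and of how a conflicts-only task-harden behaves on a host with no web server. The `httpsd` name is the one proposed in the message; the Provides table, the `exim` host and all function names are constructed for illustration, and versioned relationships are ignored.

```python
# Constructed metadata: real package -> virtual packages it Provides.
# "httpsd" is the virtual name proposed in the message, not an existing one.
PROVIDES = {
    "apache": {"httpd"},
    "boa": {"httpd"},
    "apache-ssl": {"httpd", "httpsd"},
    "libapache-mod-ssl": {"httpsd"},
    "exim": {"mail-transport-agent"},
}

def names_on_system(installed):
    """Installed package names plus every virtual name they provide."""
    names = set(installed)
    for pkg in installed:
        names |= PROVIDES.get(pkg, set())
    return names

def parse_field(value):
    """'a | b, c' -> [['a', 'b'], ['c']] (comma means AND, pipe means OR)."""
    return [[alt.strip() for alt in group.split("|")]
            for group in value.split(",") if group.strip()]

def check(control, installed):
    """Return (unmet Depends groups, violated Conflicts) for one stanza."""
    present = names_on_system(installed)
    unmet = [group for group in parse_field(control.get("Depends", ""))
             if not any(alt in present for alt in group)]
    clashes = [alt for group in parse_field(control.get("Conflicts", ""))
               for alt in group if alt in present]
    return unmet, clashes

# Variant A depends on the virtual package; variant B only conflicts.
WITH_DEPENDS = {"Depends": "httpsd", "Conflicts": "telnetd"}
CONFLICTS_ONLY = {"Conflicts": "telnetd"}

if __name__ == "__main__":
    hosts = (["apache-ssl"], ["apache", "libapache-mod-ssl"],
             ["exim"], ["exim", "telnetd"])
    for host in hosts:
        print(host, check(WITH_DEPENDS, host), check(CONFLICTS_ONLY, host))
```

On the mail-only host, variant A reports `httpsd` as unmet, which is the case where a package manager would pull in a web server; variant B is satisfied there and still flags telnetd when it is installed.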


