[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Global secure install requested flag(Re: Task harden.)

Ola Lundqvist wrote:
> There is no recommends: ! foo

Maby this needs to be corrected to properly implement security.

> > - make each package as secure as possible by default (balanced against
> >   usability).
> Well I assume that this is already the case. That effort are put
> on every package.

Why not have a global "SECURE_INSTALL_REQUESTED" flag for package 
install scripts so they can modify their install to be secure if 
asked for.  For instance a game that would normally have a daemon 
started at each boot would instead reconfigure to only start the 
daemon on demand from a local script.  The base network package
could instead install a configuration file set that is heavily

|  Bryan Andersen   |   bryan@visi.com   |   http://softail.visi.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |

Reply to: