Re: Global secure install requested flag(Re: Task harden.)
On Wed, Apr 04, 2001 at 12:19:02AM -0500, Bryan Andersen wrote:
> Ola Lundqvist wrote:
> > There is no recommends: ! foo
>
> Maby this needs to be corrected to properly implement security.
>
> > > - make each package as secure as possible by default (balanced against
> > > usability).
> > Well I assume that this is already the case. That effort are put
> > on every package.
>
> Why not have a global "SECURE_INSTALL_REQUESTED" flag for package
> install scripts so they can modify their install to be secure if
> asked for. For instance a game that would normally have a daemon
> started at each boot would instead reconfigure to only start the
> daemon on demand from a local script. The base network package
> could instead install a configuration file set that is heavily
> restrictive.
That shounds like a good idéa. Do people think that this should
be automaticly set by task-harden or should I just provide the
question?
Regards,
// Ola
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Björnkärrsgatan 5 A.11 \
| opal@lysator.liu.se 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: