[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Task-harden

On Thu, Apr 12, 2001 at 02:16:22PM +0200, David Spreen wrote:
> Hi there,
> Put only packages in the Conflict field which are replaced by others installed 
> by task-harden. Removing insecure solutions is easy, but when we provide
> a package that does all the security stuff, we have to provide alternatives.

The problem is that this is impossible with the current implementation
of dpkg, apt-get and dselect. There is no depends if installed,
replaces if installed mechanism.

> The system should not become unusable with this package installed.
> We have to provide the possibility to secure a nfs-server without 
> saying "You are a NFS server, you cannot be secure, so let's remove 
> nfs. Ok you're useless now, but who cares? It's secure.".

Well some services are just plain insecure and should be avoided
if possible. If you can not avoid it, it is simply not secure.
Well in some definition of secure of course.


// Ola

 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /

Reply to: