
firewalling capabilities / release criteria



On Tue, May 21, 2002 at 01:44:25PM +0200, Niels Möller wrote:
> "John H. Robinson, IV" <jhriv@ucsd.edu> writes:
> 
> > Debian (using a linux, bsd, or gnumach/l4 (micro)kernel) should be
> > ``Secure by default.'' if this means that no firewalling -> no debian
> > release, then so be it.
> 
> But a different, safer and more robust way to be "secure by default"
> is to simply not enable the network services in the first place.

i agree with that. this is why you will never see sendmail, bind, 
wu-*, or *nuke on any system that i have complete control over.


as i went on to say, i know that the hurd uses a different sort of
authentication scheme (a matter of privilege escalation, as opposed to a
process of privilege shedding) so that would probably require evaluation
as to what firewalling capabilities are required

there are other firewalling issues, such as NAT (ipmasq) and a decision
(and preferably published) as to exactly what firewalling features are
_required_.

a nice, published ``release criteria'' (ie: all of base+standard, these
optional packages, and 75% of the remainder (or their functionality),
an rbuilder for security updates, and this that and the other thing)
would be a boon for porters.

-john

