[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [debian-devel] Re: security enhanced debian branch?

On Fri, Dec 19, 2003 at 01:03:17PM +0100, Peter Busser wrote:
> >   I'd be interested in hearing what the Adamantix people believed to be
> >  a reasonable approach for merging stuff back - but it does seem that
> >  they should be the people to write the plan, after all they know what
> >  they're working on - whereas outside Debian developers don't!
> Ok, maybe we can write such a plan together? I mean, sure, I know what is
> being worked on in Adamantix. That is simple technical stuff. But I hardly know

Ok. How about this (for the kernel changes):

1.- Upload packages for the kernel changes provided by Adamantix in a 
kernel-patch-adamantix (DONE, sitting in NEW at the moment, and will be 
included as soon as ftp-admins get around to do it)
2.- Upload the paxtest suite so people can test PaX-enabled kernels and 
Exec-shield enabled kernels (DONE, same as above)
3.- Upload the rsbac utilities (DONE, same as above)
4.- Ask base-passwd to provide a 'debian-sec' (security officer) for 
consistency between 1) and 3) in order to have a stable UID (not done)
5.- Upload sample RSBAC policies, rsbac-secpolicy and rsbac-adamantix are 
good candidates here (not uploaded, but I have packages built locally and 
I'm waiting for rsbac-adamantix to stabilise and would also like to audit 
the code, i.e. rsbacinit there)
6.- Have users test PaX-enabled kernels and RSBAC-enabled kernels.
7.- Fix bugs and contribute upstream those that belong there.
8.- Consider providing kernel-image packages with 6 enabled by default that 
could be used in a standard installation of Debian.

How does it sound? Of course the SSP stuff can run in parallel, I'll leave 
Steve that.


Attachment: signature.asc
Description: Digital signature

Reply to: