Re: Top 5 things that aren't in Debian but should be :-)
sön 2004-01-11 klockan 20.53 skrev Dan Shearer:
> Since my Deb Miniconf3 topic was chosen by poll (Jonathan Oxer :-) I
> thought I might as well get some input on the content too.
> So what, in your opinion, are the technologies (or significant packages)
> which should be in Debian but are not? And why do you think they are
> To the list or, if you prefer lower temperatures, private email. The
> slides will be made available, and a post made here.
> Dan Shearer
I dont know if it has been mentioned before, but I think that :
1. Pre-patched kernel sources could be a good idea, i ment patched with
security related patches, like grsecurity etc..
2. As it seems that metapackages are very popular, a meta-security
kernel-patch .. including all securityrelated paches.. sounds like a
good idea to me.
I rather uncheck something if i dont want it in my kernel, rather than
hunting patches.. and trying to apply them.. or forgetting to patch..
3. Perhaps that the Base installation should be more restricted. say,
all services in inetd.conf all commented..
Again, i'd rather uncomment services that i want... OR, perhaps a
question, asking what services should be uncommented in inetd.conf at
the end of the base installation..
All this leaning towards what Martin Pitt wrote ...
>"It would be nice to provide better proactive system security out of
>the box: e.g. mandatory access control and ACLs
>(grsecurity|SELinux|lids), PaX, all packages compiled with buffer
>overflow protection and a gcc supporting this (like Steve Kemp's gcc).
>All of this is of course possible in Debian, but it would be great if
>it were both properly integrated and would come along "out of the
.. better "out of the box" security.. since however one does.. your
system may be vounrable at a couple of minutes/hours while configuring
the base install..
Hardly those things arent Top 5, but.. top 100 perhaps ;)