Re: Required firewall support
On Thu, Mar 17, 2005 at 12:24:00AM +0100, Marco d'Itri wrote:
> On Mar 17, Thomas Bushnell BSG <tb@becket.net> wrote:
>
> > > > One of the conditions for SCC is "fully functioning Unix, including
> > > > DNS and firewall support." What specifically is intended by "firewall
> > > > support"?
> > > I think that simple ACLs are the bare minimum.
> > Ok, can you point me at the specific feature, and why is this feature
> I think that the minimum is per-interface permit/deny ACLs which could
> match at least on IP protocol number, TCP/UDP ports and ICMP types.
>
> > important for packaging in SCC?
> Because Debian should not waste resources to support a toy OS (in this
> case defined as one not secure enough to stay on the internet for real
> work).
The statement in the announcement was:
- the port must include basic unix functionality, e.g resolving
DNS names and firewalling
"resolving DNS names" is obviouly required.
But why is "firewalling" required?
It's the question what a "toy OS" is, and whether a "toy OS" might be
supported by Debian.
It seems what makes Thomas suspicous is that of all current ports of
Debian (Linux, *BSD, GNU/Hurd), the only one that might be affected is
GNU/Hurd - this requirement is therefore either void for all current
Debian ports or it was meant specifically against GNU/Hurd.
Thomas' question is simply whether five of your six DPL candidates have
signed that they want to kick GNU/Hurd even out of the proposed SCC
archive or not.
Steve's announcement only listed actions without giving the rationale
for each of them, and it would therefore be required that someone of the
12 people who signed this announcement should clarify this point.
> ciao,
> Marco
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Reply to: