Re: Introducing security hardening features for Lenny
On Tue, 2008-01-29 at 23:31 +0100, Moritz Muehlenhoff wrote:
> Pierre Habouzit wrote:
> There are certainly performance trade-offs involved and the final
> selection of features will depend on the testing of the respective
> maintainers (testing should be eased by hardening-wrapper).
What bothers me is that this kind of analysis should have preceded your
announcement.
I think that hardening is extremely important, but it is not the only
important thing. It would be very helpful if your team would consider
thinking about the tradeoffs, describing them so people can make some
judgments. But that's not what you did: you instead posted a note,
designed to sound as official as possible, asking every maintainer to
add these flags.
That's not right! We should instead discuss it.
> We're mostly trying to bootstrap a discussion here, the details on
> how to put this into effect archive-wide will depend heavily on the
> toolchain configuration proposal by Matthias Klose. Maybe "classes"
> of security-sensitivity of applications can be defined, which specify
> a set of selected options.
For my money, you blew it. You don't bootstrap a discussion by
presenting a pseudo-official email like the one you posted. But we can
get back to that discussion: cancel the email by saying "whoops, we're
not ready yet" and then having the discussion first.
Thomas
Reply to: