Re: Security categories according to Debian
> I am taking a information security class and was posed this as an
> assignment question:
> Describe the broad security categories according to Debian.
I'm not really a "security expert", but I'd say this question is quite
difficult to answer because its not very precise. The term "security"
has so many meanings and aspects, just as the Debian project. Security
of what? Against what? Perhaps it's just me and my buzzword-aversion,
but it annoys me that people forget to add this info all the time when
they speak about "security" (same thing with "protection". And btw can
anybody explain to me as a native german-speaker the difference between
security and safety?)
> I have been unable to find a reference to anything that states that Debian
> has a different thought on securityt and categorizes security into needs,
> rrequirements, or any groupings what so ever. I have checked several
> different websites to include the Debian site itself and a lot of search
> engines to no avail.
> Any links to documentation or papers which indicate Debians thoughts on
> security and the categories they have set would be greatly appreciated.
Anyways, I think the most general approach to security issues is written
in the "Securing Debian Howto", perhaps the page "2.3 How does Debian
handle security?" might be similar to what your class teacher means:
This relates to all kind of "problems", including bug reporting,
packaging policy or security updates.
You could also ask the people on the debian-security mailinglist.
Hope that helps,
Guido (debian user)