Re: Does Debian need to enforce a better Security policy for packages?

To: Michael Robinson <robinson@netrinsics.com>
Cc: debian-security@lists.debian.org
Subject: Re: Does Debian need to enforce a better Security policy for packages?
From: Patrice Neff <mailinglists@patrice.ch>
Date: 24 Oct 2001 22:17:13 +0200
Message-id: <gnus-user.87pu7cn67q.fsf@usenet.patrice.ch>
In-reply-to: <20011023222802.A1984@netrinsics.com>
References: <20011022184619.A8341@dat.etsit.upm.es> <20011022213138.H1337@salem.getuid.de> <20011023011714.A19676@dat.etsit.upm.es> <20011023095504.J1337@salem.getuid.de> <20011023222802.A1984@netrinsics.com>

Michael Robinson <robinson@netrinsics.com> writes:

> FreeBSD does it for their ports tree.  In fact, this has been a
> matter of controversy, as the FreeBSD team issues a huge number of
> security advisories for software that really has nothing to do with
> FreeBSD. This has caused casual observers to erroneously believe
> FreeBSD is less secure than other less carefully managed operating
> system projects.

I believe this would not be reasonable for the Debian distribution,
but you could create a customized and secure Debian version where you
do a source code audit before accepting any package. Or maybe it could
be done with another APT tree?

well, just my 2 cents
patrice

Reply to:

Follow-Ups:
- Re: Does Debian need to enforce a better Security policy for packages?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- Does Debian need to enforce a better Security policy for packages?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Does Debian need to enforce a better Security policy for packages?
  - From: Christian Kurz <shorty@debian.org>
- Re: Does Debian need to enforce a better Security policy for packages?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Does Debian need to enforce a better Security policy for packages?
  - From: Christian Kurz <shorty@debian.org>
- Re: Does Debian need to enforce a better Security policy for packages?
  - From: Michael Robinson <robinson@netrinsics.com>

Prev by Date: Re: Question about BugTraq and Debian-Security Mailing Lists
Next by Date: Re: Question about BugTraq and Debian-Security Mailing Lists
Previous by thread: Re: Does Debian need to enforce a better Security policy for packages?
Next by thread: Re: Does Debian need to enforce a better Security policy for packages?
Index(es):
- Date
- Thread