
Re: Creating my own personal Linux distribution for Penetration Testing and White-Hat Hacking



Russell Coker wrote:
On Sunday 07 December 2008 16:11, "Reed Young" <reedryoung@gmail.com> wrote:
For any set of packages one finds so useful that they're like their own
distribution, I think the labor would be better spent -- more useful to the
community I mean, maybe not as fun for you -- in extending / improving
documentation on using those tools, or Chip's suggestion, which looks to me
like 'debianising.'  Your message indicates a comprehensive security
strategy, and a large market for that certainly exists.  But the additional
work of maintaining a separate distribution seems like a waste.

http://www.debian.org/misc/children-distros

One thing that probably should be considered is the fate of the Adamantix distribution. The above URL seems to be the only current information available on the web about it. It seems that the only current positive result from that project is the paxtest package which is in Debian (which incidentally is i386 specific). I expect that the same amount of effort could have yielded better results if applied within the scope of Debian.


I've been lurking for weeks now and found this to be an interesting topic that is really rather general and may belong under the topic of "The Cathedral to the Bazaar" more than just security.

A new project, or fork, is a very large investment of resources (time, money, energy, whatever) that really must merit its value and difference from its predecessors.

I've recently stopped using ipcop for firewall security because it's lacking certain features and considered rolling my own with Debian as a core. Further investigation has shown that there is really very little for me to do here. There are a lot of great tools that exist and I have to pick/choose to match my needs and skills.

Using this experience as an example, I would be a huge fan of someone who spent some time integrating with the maintainers of some Debian firewall and security packages to document how these fit together to provide a secure environment. That's value added and it will foster more support for the downstream packages.

I've "struck out on my own" on a few projects and I will say this much. It's a lot of work. A lot more than I anticipated. And I really didn't get any hint of help until I had a fully functioning product. And then there was a lot of noise about remodeling it to look and feel exactly like the products that encouraged me to fork off in the first place.

