Re: goals for hardening Debian: ideas and help wanted
On 10:57 Thu 24 Apr 2014, Paul Wise wrote:
> ..[snip]..
> https://wiki.debian.org/Hardening/Goals
Regarding the line (at that page):
> Refuse to install packages that are known to have X number of unplugged
> exploits (i.e. X number of open security bugs in the bug tracker) unless
> e.g. --allow-vulnerable-packages is used. This makes it clear that you are
> installing software that is vulnerable.
I suggest it might be better if exploits were each given a quick/approximate
"ranking" in terms of severity (and if the severity is unknown it could be
assigned a default median ranking), so that the algorithm you mention wouldn't
just add number of unplugged exploits, but add them by weight. For example:
the recent heartbleed exploit would be worth more than a few smaller exploits
in less critical software, and would be calculated as such...
--
PGP fingerprint:
BB0A 0787 C0EE BDD8 7F97 3D30 49F2 13A5 265D CCBD
Reply to: