Re: goals for hardening Debian: ideas and help wanted
On Tue, 29 Apr 2014 11:35:26 +0800
Paul Wise <pabs@debian.org> wrote:
> On Tue, Apr 29, 2014 at 8:07 AM, Marko Randjelovic wrote:
>
> > - security patches should be clearly marked as such in every *.patch
> > file
>
> That sounds like a good idea, could you add it to the wiki page?
I added this:
"Debian policy should require that in every source package all security
packages should be clearly marked as such in standard and easily
parsable way with optional further references."
>
> > - easy create and run programs from chroot and alternate users
>
> Could you detail what you mean by this? It sounds like you want either
> virtual machines or something like docker.io:
>
> https://packages.debian.org/sid/docker.io
Sincerely, I never heard about Docker before. I didn't mean
VMs; I meant chrooting. I was thinking about some kind
of wizard:
- create a chroot if it doesn't already exist
- create a launcher for your DE
- create a shell script to run a program from terminal or a simple WM
hint: chroot $CHROOT_PATH su - $USER -c "$command_with_args"
>
> > - apt-get should automatically check checksums
>
> That happens now, if you find an instance where it does not, please
> file a severity serious bug report on apt with enough detail for the
> maintainers to debug and fix it.
>
> https://www.debian.org/Bugs/Reporting
>
I didn't know that; do apt-get/aptitude/synaptic do complete checks?
1. verify Release file signature
2. verify checksums of repo files
3. verify checksums of individual .deb files
I remember some time ago I edited a file with hexedit (after apt-get
downloaded it) and tried to install it with apt-get and it didn't
complain.
--
http://markorandjelovic.hopto.org
One should not be afraid of humans.
Well, I am not afraid of humans, but of what is inhuman in them.
Ivo Andric, "Signs near the travel-road"