Expanding the list of "Hardened Packages"

Dhiru Kholia dhiru.kholia at gmail.com
Mon Apr 1 06:59:07 UTC 2013


On 03/29/13 at 08:47pm, Björn Persson wrote:
> > 2. An alternate approach is to come up with an expanded list of packages
> > which should be hardened.
>
> Since FESCo maintains a list, I suppose anyone can propose specific
> programs to be added to the list, but it seems pointless to explicitly
> list programs that are already covered by the first three criteria.
>

I agree that it seems pointless (and tedious) to explicitly list
programs which are already covered.

However, many packages (like PostgreSQL, Dovecot and MongoDB) meet the
criteria but still are not getting hardened. I am not sure about the
underlying reasons (oversight / performance concerns / etc.).

What would be a good way to solve this problem in your opinion?
(File bugs / Explicitly list such packages / Turn on hardening by default)

It would be great to have some sort of automated method to find if
hardening criteria apply to a particular package. Ideas are welcome!

--
Dhiru

