Expanding the list of "Hardened Packages"
Steve Grubb
sgrubb at redhat.com
Sat Apr 13 15:33:57 UTC 2013
On Wednesday, April 10, 2013 03:55:46 PM Miloslav Trmač wrote:
> Hello all,
> the discussion has somewhat died down... If you have a specific proposal
> for a change in policy, please add it to
> https://fedorahosted.org/fesco/ticket/1104 ; hard data that demonstrate the
> impact, if any, in a situation relevant to Fedora (in particular, taking
> into account prelink as it is deployed by default) would be very welcome
> but is not a strict requirement.
>
> (This is not intended to cut off the discussion on the mailing list, only
> to make it clear to FESCo whether there is any proposal for change or
> whether we are happy enough with the current status.)
I don't think there is any need to extend the set of packages that _should_
get hardening. The current guidelines are sufficient. What is not happening is
the packages that have apps that fit the need to be hardened are not getting
the proper hardening. I have opened dozens of bugs on the "core" packages that
matter, but even those bz are still not complete.
Bottom line, we just need more prodding of maintainers that have apps that
need hardening based on current guidelines.
-Steve
More information about the devel
mailing list