Expanding the list of "Hardened Packages"

Dhiru Kholia dhiru.kholia at gmail.com
Sat Apr 13 18:56:59 UTC 2013


On Sat, Apr 13, 2013 at 11:16 PM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Saturday, April 13, 2013 12:19:42 PM Rahul Sundaram wrote:
>> Is there a tracker bug?  Proven packagers can help
>
> I have a tracker bug for issues identified on the core set of packages that
> would be part of a common criteria certification:
>
> I have not run the script that checks a distribution on F19 yet, so maybe
> there are more?
>

I have analyzed all F9 packages and have already published a list of
packages violating packaging guidelines.

See http://dl.dropbox.com/u/1522424/probable-violations-F19.csv

(I made some last-minute changes which might be buggy. Feedback and
corrections are welcome!)

Also note that all this analysis stuff has been *automated*.
Additionally, my code works for all RHEL and Fedora versions (and even
deb-based distributions).

The analysis code doesn't install any packages on the system, is host
OS agnostic and is quite fast (scales linearly).

See https://github.com/kholia/checksec (currently only the interactive
tools are described in the README; bulk analysis tools are hopefully
intuitive enough).

-- 
Dhiru

