Expanding the list of "Hardened Packages"
Reindl Harald
h.reindl at thelounge.net
Mon Apr 15 17:40:59 UTC 2013
On 15.04.2013 18:48, Miloslav Trmač wrote:
> On Sat, Apr 13, 2013 at 7:51 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
> which raises the question again:
>
> would it be not the better way to build the whole distribution hardened
> by experience that nearly anything is exploitable over the long and
> performance comes after security
>
>
> The logical conclusion from this is to move to a language with automatic memory management. The "top
> vulnerability" reports for programs written in C/C++ and most other languages are so different that starting a new
> project that processes untrusted data in C/C++ is becoming indefensible.
no, that would mean throwing away a lot of code, and a hurried rewrite of whatever else
in whatever language does not make things secure
> We seem to be stuck with C as the lowest common denominator that can be used from any runtime; long-term we _need_
> to move away from that, or Linux will gain the reputation of least-secure OS around.
not really, proven by securityfocus lists and changelogs of many
Fedora packages which are not in C/C++; a fool will always implement
insecure software, and look at java-applets the last year!
> Now, what to move to? I currently don't see any language/runtime I could recommend, which is in itself rather
> frightening
and that is why existing technologies to make binaries more secure should be used