On Sat, 25 Sep 2004 23:42:19 +0200 Bart Lauwers wrote:
| > | 1) Safety is important, it should be our aim to have our
| > | default system as secure as it possibly could be.
| >
| > Uh, no. A *reasonable* level of security is good. "As secure as it
| > possibly could be" means turning on grsec, selinux etc in maximum
| > security mode, which makes a box unusable unless you spend a lot of
| > time screwing around with things. Nothing wrong with that under
| > certain circumstances, of course, but it should *not* be a default.
|
| As in how do you reason it would? You mean some things are not
| practically feasible? Well I agree on that (did you read as far down
| as the proposal?).... these things you name do not work with
| everything obviously and so these things just aren't possible yet for
| out of the box deployment,

-fstack-protector does not work with everything. It is not useful with
many packages and it provides a nasty performance hit on some packages.
It is overkill for the majority of our users. We don't have it on by
default currently, and it isn't causing massive problems.

| Yes I expected as much based on what I had read and I wonder about
| the ignorance and pretension of some people. You don't want security?
| Fine, turn it off. In the meanwhile make it easier for the consumers
| of our distro. It's time someone speaks out for the user! Frankly, I
| am tired of all these one-offs and let's implement xyz useless
| feature discussions. This will help people, it will help businesses
| and as a consequence it will most definitely help Gentoo. Heck, it
| helps everyone except maybe you.

The option is there for users who want it. By all means document it
better, so long as said documentation is accurate regarding what it
really does. Do not try to force it upon everyone, since it has
undesirable side effects in some situations.

| On the matter of the Russian roulette, it is no different, computers
| without a security policy are a disaster waiting to happen and the
| risk could cost someone their life (not in all uses of a computer
| granted). Both are losing propositions. You cannot proofread all the
| code you put into a distro so you need better ways to attain an
| acceptable level of protection.

Now that's *definitely* FUD. Anyone running computers in a life or
death situation should be getting code audits done, running selinux /
grsec, enabling ssp and taking whatever other measures are appropriate
given the risks. Anything else would be irresponsible. However, most
of our users are *not* in this kind of situation. SSP is overkill for
most people. Also remember that SSP does not remove security holes, it
merely mitigates the damage caused in certain situations.

-- 
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox)
Mail            : ciaranm at gentoo.org
Web             : http://dev.gentoo.org/~ciaranm