From: John Robinson
Reply-To: strider@aravir.net
To: gentoo-hardened@gentoo.org
Date: 06 Jun 2003 22:40:49 -0400
Subject: Re: [gentoo-hardened] Marketing Hardened Gentoo ..

Wow. That was a great highlight of Gentoo's strong points. I'm serious when I say that your post should probably be put in a "What are our customers saying about us?" section on a Gentoo website-- I don't think I've seen a better written description of the things you touched on anywhere else. You're right about what makes Gentoo great, especially its effects on new users of Linux.

The points at which I have to differ with you are the meaning of the email you're responding to, and the posture you feel the Gentoo staff will take if the email's suggestion is carried out:

> ...marketing a Gentoo security initiative as if it is in response to
> media attention is a slippery slope, I think.

While I agree with you, I don't think that this was the intent of the previous email's suggestion.
The Gentoo Hardened effort was started before the article in question was released, and so I don't think the email's author (feel free to correct me) meant that Gentoo should market itself as a response to the facts presented in it (or to the article itself, or the media trend into which the article falls), but merely as a good answer to them, which (when it's complete) it will be. Hardened Gentoo will (if I understand its aims) allow Gentoo systems to be more secure with less work, resulting in fewer "improperly configured systems" and "technical support overhead" -- the very things the article addresses as the main security problems on the Linux systems polled.

> Rather than becoming a high-visibility project that reacts to media and
> industry concerns, I would prefer to be invisible: I would prefer that
> we made best-practices security techniques as easy to use as the rest of
> Gentoo.

I don't think that marketing Hardened Gentoo by referencing a set of facts supporting the use of such a distribution is equivalent to becoming a high-visibility project. Unless the marketing campaign was also stepped up, this wouldn't be a problem, it doesn't seem to me. Having a fair amount of visibility, however, is important to any software project, and having some facts to underscore the importance of such a project is usually pretty... well, important.

Lastly, although I don't work for Gentoo, I find myself a little bothered at the suggestion that (given enough media attention) those in charge would shift their focus from providing a good, best-practices-based security initiative to providing what must be an inferior product which will (in the end) provide them more headaches and work. Although the Hardened effort must be at some level a reaction to industry concerns, because security concerns the computing industry, I don't think it is (or will become) a media-driven, looks-but-not-guts oriented effort.
I'd like to see Hardened Gentoo become a more popular and well-recognized distribution, partially because it's such a cool idea, but mostly because it's a good response to the concerns of a lot of security people out there, and deserves recognition. The more it's used, if it meets its goals, the more secure the Linux-based servers of the net will be, and I consider that a plus as well. I'm all for seeing the Hardened effort marketed well, and I think the use of the article Gavin mentioned (and others) might be key to that endeavor.

Sincerely,
John Robinson

--
Love justice; desire mercy.

--
gentoo-hardened@gentoo.org mailing list