[gentoo-hardened] Tin Hat 20090119 released

[gentoo-hardened] Tin Hat 20090119 released

[basile]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello everyone,

I'd like to announce to the list that there is a new release of Tin Hat
out.  Tin Hat is a fully featured Linux desktop based on Hardened Gentoo
which runs purely in RAM.  It aims to be very secure, stable, and fast.

This release doesn't include any new features, but rather focuses on
stabilizing the extensive changes implemented in the last release which
completely reworked the build scripts: now a new Tin Hat release is built
from a running system rather than from VMWare templates. The entire
process
of syncing upstream using portage, recompiling the kernel if necessary,
preparing a prestine system and building the ISOs is done purely in RAM.

The release also addresses several security issues and bugfixes. Over 30
packages are upgraded, including the following important updates:
hardened-sources-2.6.25-r12, bind-tools-9.4.3_p1, openssl-0.9.8j,
e2fsprogs-libs-1.41.3-r1, and portage-2.1.6.4

Home page: http://opensource.dyc.edu/tinhat
Downloads: http://opensource.dyc.edu/tinhat-downloads

Anthony Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkl2C0gACgkQl5yvQNBFVTVSJACfUsF3fZ7uUTUdRYk/QIxdjdXJ
kAYAn2pTdly+UYrSkkWPOMQdQcct9mFx
=d9sz
-----END PGP SIGNATURE-----

Re: [gentoo-hardened] Tin Hat 20090119 released

[Joseph Raymond]

[-- Attachment #1: Type: text/plain, Size: 1900 bytes --]

not to crap on you're parade, but what does tinhat have to do with gentoo
hardened? yes i know you based it off it. but on your own site it say "Tin
Hat is a Linux distribution derived from hardened Gentoo" don't think it's
cool to get spam about this in a gentoo mailing list.

sorry just my thoughts on this deal.

On Tue, Jan 20, 2009 at 12:35 PM, basile <basile@opensource.dyc.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hello everyone,
>
> I'd like to announce to the list that there is a new release of Tin Hat
> out.  Tin Hat is a fully featured Linux desktop based on Hardened Gentoo
> which runs purely in RAM.  It aims to be very secure, stable, and fast.
>
> This release doesn't include any new features, but rather focuses on
> stabilizing the extensive changes implemented in the last release which
> completely reworked the build scripts: now a new Tin Hat release is built
> from a running system rather than from VMWare templates. The entire
> process
> of syncing upstream using portage, recompiling the kernel if necessary,
> preparing a prestine system and building the ISOs is done purely in RAM.
>
> The release also addresses several security issues and bugfixes. Over 30
> packages are upgraded, including the following important updates:
> hardened-sources-2.6.25-r12, bind-tools-9.4.3_p1, openssl-0.9.8j,
> e2fsprogs-libs-1.41.3-r1, and portage-2.1.6.4
>
> Home page: http://opensource.dyc.edu/tinhat
> Downloads: http://opensource.dyc.edu/tinhat-downloads
>
> Anthony Basile, Ph.D.
> Chair of Information Technology
> D'Youville College
> Buffalo, NY 14201
> USA
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkl2C0gACgkQl5yvQNBFVTVSJACfUsF3fZ7uUTUdRYk/QIxdjdXJ
> kAYAn2pTdly+UYrSkkWPOMQdQcct9mFx
> =d9sz
> -----END PGP SIGNATURE-----
>
>
>

[-- Attachment #2: Type: text/html, Size: 2549 bytes --]

Re: [gentoo-hardened] Tin Hat 20090119 released

[Gordon Malm]

I think Tin Hat is a cool project and they are more than welcome to keep us 
abreast of new releases, along with some short release notes.  In fact, I am 
glad they do.  It is hardly spam.  Thanks Tin Hat peeps and keep up the good 
work!

Gordon Malm (gengor)

On Tuesday, January 20, 2009 21:21:54 Joseph Raymond wrote:
> not to crap on you're parade, but what does tinhat have to do with gentoo
> hardened? yes i know you based it off it. but on your own site it say "Tin
> Hat is a Linux distribution derived from hardened Gentoo" don't think it's
> cool to get spam about this in a gentoo mailing list.
>
> sorry just my thoughts on this deal.
>
> On Tue, Jan 20, 2009 at 12:35 PM, basile <basile@opensource.dyc.edu> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > Hello everyone,
> >
> > I'd like to announce to the list that there is a new release of Tin Hat
> > out.  Tin Hat is a fully featured Linux desktop based on Hardened Gentoo
> > which runs purely in RAM.  It aims to be very secure, stable, and fast.
> >
> > This release doesn't include any new features, but rather focuses on
> > stabilizing the extensive changes implemented in the last release which
> > completely reworked the build scripts: now a new Tin Hat release is built
> > from a running system rather than from VMWare templates. The entire
> > process
> > of syncing upstream using portage, recompiling the kernel if necessary,
> > preparing a prestine system and building the ISOs is done purely in RAM.
> >
> > The release also addresses several security issues and bugfixes. Over 30
> > packages are upgraded, including the following important updates:
> > hardened-sources-2.6.25-r12, bind-tools-9.4.3_p1, openssl-0.9.8j,
> > e2fsprogs-libs-1.41.3-r1, and portage-2.1.6.4
> >
> > Home page: http://opensource.dyc.edu/tinhat
> > Downloads: http://opensource.dyc.edu/tinhat-downloads
> >
> > Anthony Basile, Ph.D.
> > Chair of Information Technology
> > D'Youville College
> > Buffalo, NY 14201
> > USA
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iEYEARECAAYFAkl2C0gACgkQl5yvQNBFVTVSJACfUsF3fZ7uUTUdRYk/QIxdjdXJ
> > kAYAn2pTdly+UYrSkkWPOMQdQcct9mFx
> > =d9sz
> > -----END PGP SIGNATURE-----

Re: [gentoo-hardened] Tin Hat 20090119 released

[RijilV]

[-- Attachment #1: Type: text/plain, Size: 3001 bytes --]

Eh, its not like there is a ton of volume on this list.

On a side note, I think a stripped down version of tin hat linux would be
really cool - something around 300-400megs (so it could run very nice on a
system with a gig of ram).  Personally if I'm going to sit down at a foreign
machine all I really don't need openoffice or even gnome (fluxbox 4life).

Would the maintainers of Tin Hat be interested in some dev work to achive
that?

(if yes I'll jump on their mailing list as not to bug people here)

.r'

2009/1/20 Gordon Malm <gengor@gentoo.org>

> I think Tin Hat is a cool project and they are more than welcome to keep us
> abreast of new releases, along with some short release notes.  In fact, I
> am
> glad they do.  It is hardly spam.  Thanks Tin Hat peeps and keep up the
> good
> work!
>
> Gordon Malm (gengor)
>
> On Tuesday, January 20, 2009 21:21:54 Joseph Raymond wrote:
> > not to crap on you're parade, but what does tinhat have to do with gentoo
> > hardened? yes i know you based it off it. but on your own site it say
> "Tin
> > Hat is a Linux distribution derived from hardened Gentoo" don't think
> it's
> > cool to get spam about this in a gentoo mailing list.
> >
> > sorry just my thoughts on this deal.
> >
> > On Tue, Jan 20, 2009 at 12:35 PM, basile <basile@opensource.dyc.edu>
> wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > >
> > > Hello everyone,
> > >
> > > I'd like to announce to the list that there is a new release of Tin Hat
> > > out.  Tin Hat is a fully featured Linux desktop based on Hardened
> Gentoo
> > > which runs purely in RAM.  It aims to be very secure, stable, and fast.
> > >
> > > This release doesn't include any new features, but rather focuses on
> > > stabilizing the extensive changes implemented in the last release which
> > > completely reworked the build scripts: now a new Tin Hat release is
> built
> > > from a running system rather than from VMWare templates. The entire
> > > process
> > > of syncing upstream using portage, recompiling the kernel if necessary,
> > > preparing a prestine system and building the ISOs is done purely in
> RAM.
> > >
> > > The release also addresses several security issues and bugfixes. Over
> 30
> > > packages are upgraded, including the following important updates:
> > > hardened-sources-2.6.25-r12, bind-tools-9.4.3_p1, openssl-0.9.8j,
> > > e2fsprogs-libs-1.41.3-r1, and portage-2.1.6.4
> > >
> > > Home page: http://opensource.dyc.edu/tinhat
> > > Downloads: http://opensource.dyc.edu/tinhat-downloads
> > >
> > > Anthony Basile, Ph.D.
> > > Chair of Information Technology
> > > D'Youville College
> > > Buffalo, NY 14201
> > > USA
> > >
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.9 (GNU/Linux)
> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> > >
> > > iEYEARECAAYFAkl2C0gACgkQl5yvQNBFVTVSJACfUsF3fZ7uUTUdRYk/QIxdjdXJ
> > > kAYAn2pTdly+UYrSkkWPOMQdQcct9mFx
> > > =d9sz
> > > -----END PGP SIGNATURE-----
>
>
>
>

[-- Attachment #2: Type: text/html, Size: 4136 bytes --]

Re: [gentoo-hardened] Tin Hat 20090119 released

[pageexec]

On 21 Jan 2009 at 0:21, Joseph Raymond wrote:

> not to crap on you're parade, but what does tinhat have to do with gentoo
> hardened? yes i know you based it off it.

that's more than enough reason to keep us informed.

Re: [gentoo-hardened] Tin Hat 20090119 released

[Javier J. Martínez Cabezón]

Have you thought that there is a possibility that in this mailing list
could exists tinhat users inscribed (loyal hardened gentoo users :)
)?.
2009/1/21 Joseph Raymond <error.log@gmail.com>:
> not to crap on you're parade, but what does tinhat have to do with gentoo
> hardened? yes i know you based it off it.

[gentoo-hardened] Re: Tin Hat 20090119 released

[7v5w7go9ub0o]

basile wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Hello everyone,
> 
> I'd like to announce to the list that there is a new release of Tin Hat
> out.  Tin Hat is a fully featured Linux desktop based on Hardened Gentoo
> which runs purely in RAM.  It aims to be very secure, stable, and fast.
> 
> This release doesn't include any new features, but rather focuses on
> stabilizing the extensive changes implemented in the last release which
> completely reworked the build scripts: now a new Tin Hat release is built
> from a running system rather than from VMWare templates. The entire
> process
> of syncing upstream using portage, recompiling the kernel if necessary,
> preparing a prestine system and building the ISOs is done purely in RAM.
> 
> The release also addresses several security issues and bugfixes. Over 30
> packages are upgraded, including the following important updates:
> hardened-sources-2.6.25-r12, bind-tools-9.4.3_p1, openssl-0.9.8j,
> e2fsprogs-libs-1.41.3-r1, and portage-2.1.6.4
> 
> Home page: http://opensource.dyc.edu/tinhat
> Downloads: http://opensource.dyc.edu/tinhat-downloads
> 
> Anthony Basile, Ph.D.
> Chair of Information Technology
> D'Youville College
> Buffalo, NY 14201
> USA
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkl2C0gACgkQl5yvQNBFVTVSJACfUsF3fZ7uUTUdRYk/QIxdjdXJ
> kAYAn2pTdly+UYrSkkWPOMQdQcct9mFx
> =d9sz
> -----END PGP SIGNATURE-----

THANK YOU for taking the time to post this valuable information!

Thanks also for sharing your infectious energy with this mailing list; 
it reinforces the importance of keeping hardened Gentoo vital!!

Re: [gentoo-hardened] Re: Tin Hat 20090119 released

[basile]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi everyone,

Let me respond to all in one email:


7v5w7go9ub0o wrote:
> THANK YOU for taking the time to post this valuable information!
> Thanks also for sharing your infectious energy with this mailing
> list; it reinforces the importance of keeping hardened Gentoo
> vital!!

Hardened Gentoo is *very* important and I think the team would appreciate
knowing where their work ends up: Besides being the basis of Tin Hat,
it is
also the basis of another project of ours (tor-ramdisk) which uses a
uclibc
(not glibc) based hardened gentoo environment to securely house a tor
relay.
Three of our production servers at D'Youville College are hardened gentoo
(virtual.dyc.edu, moodle.dyc.edu and project.dyc.edu) as are a couple of
internal servers.  I use hardened gentoo when I teach my security course
to demonstrate various hardening techniques.

Clearly, we are heavily invested users.  Yes, keep hardened Gentoo vital!


Gordon Malm wrote:
> I think Tin Hat is a cool project and they are more than welcome to
>
keep us
> abreast of new releases, along with some short release notes.  In
fact, I am
> glad they do.  It is hardly spam.  Thanks Tin Hat peeps and keep up
>
the good
> work!
>
> Gordon Malm (gengor)

Thanks Gordon.  On another note, I am wondering if you and the other
team members
have any thoughts about PaX/Grsecurity possibly being dropped
upstream.  I hate
to see harndened gentoo without it, but there may be no choice.


RijilV wrote:
>
> On a side note, I think a stripped down version of tin hat linux
would be
> really cool - something around 300-400megs (so it could run very
nice on a
> system with a gig of ram).

We were already discussing this for the reasons you mention.


Anthony Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkl5Dz0ACgkQl5yvQNBFVTVm9gCeM8/Zn32Lxb+LgTMQfJoJaOdj
pRwAnRHIFB9JSFhsnV/oPNS15AdRLKFZ
=jYHx
-----END PGP SIGNATURE-----

Re: [gentoo-hardened] Re: Tin Hat 20090119 released

[Ned Ludd]

On Thu, 2009-01-22 at 19:28 -0500, basile wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Hi everyone,
> 
> Let me respond to all in one email:
> 
> 
> 7v5w7go9ub0o wrote:
> > THANK YOU for taking the time to post this valuable information!
> > Thanks also for sharing your infectious energy with this mailing
> > list; it reinforces the importance of keeping hardened Gentoo
> > vital!!
> 
> Hardened Gentoo is *very* important and I think the team would appreciate
> knowing where their work ends up: Besides being the basis of Tin Hat,
> it is
> also the basis of another project of ours (tor-ramdisk) which uses a
> uclibc
> (not glibc) based hardened gentoo environment to securely house a tor
> relay.
> Three of our production servers at D'Youville College are hardened gentoo
> (virtual.dyc.edu, moodle.dyc.edu and project.dyc.edu) as are a couple of
> internal servers.  I use hardened gentoo when I teach my security course
> to demonstrate various hardening techniques.
> 
> Clearly, we are heavily invested users.  Yes, keep hardened Gentoo vital!
> 
> 
> Gordon Malm wrote:
> > I think Tin Hat is a cool project and they are more than welcome to
> >
> keep us
> > abreast of new releases, along with some short release notes.  In
> fact, I am
> > glad they do.  It is hardly spam.  Thanks Tin Hat peeps and keep up
> >
> the good
> > work!
> >
> > Gordon Malm (gengor)
> 
> Thanks Gordon.  On another note, I am wondering if you and the other
> team members
> have any thoughts about PaX/Grsecurity possibly being dropped
> upstream.  I hate
> to see harndened gentoo without it, but there may be no choice.


We have discussed this topic and our time is better spent on focusing on
the now vs worrying about the future. If/when projects start to stagnate
we will deal with those cross-roads when they are upon us.

-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux

Re: [gentoo-hardened] Re: Tin Hat 20090119 released

[pageexec]

On 22 Jan 2009 at 19:28, basile wrote:

> Thanks Gordon.  On another note, I am wondering if you and the other
> team members
> have any thoughts about PaX/Grsecurity possibly being dropped
> upstream.  I hate
> to see harndened gentoo without it, but there may be no choice.

http://grsecurity.net/news.php#drobo