Hi Lorenzo, Martin, lists,
Lorenzo Hernandez Garcia-Hierro wrote:
:: Hi Martin,
:: El mar, 14-09-2004 a las 17:40, Martin Michlmayr escribió:
:::: * Lorenzo Hernandez Garcia-Hierro <[EMAIL PROTECTED]>
:::: [2004-09-08 16:26]:
:::::: I want to know if i can use the trademark "Debian" on
:::::: the name of a project that i've started , "Debian
:::::: Hardened" which i want to see as an official Debian
:::::: sup-project.
:::: I personally feel that this name has the same problems
:::: that "Trusted Debian" has - it suggests that "normal"
:::: Debian is not secure. In any case, I think you should
:::: post your question to debian-project rather than -legal
:::: since -project is more appropriate and might get more
:::: feedback.
:: A "normal" Debian is secure, depending on how the
:: sysadmin works with the packages and how he confgiures
:: them.
Trully. A few weeks ago, a friend of mine was
talking to our Debian User Group and he told that you
can setup your system in a way that it could be more
secure than OpenBSD. :) I'm not here to talk about
which system is the most secure, but of course, that
are lot of things to consider and "fine tunning" when
we talk about security.
:: But, if you have, for example, ProPolice/SSP compiled
:: packages, there wouldn't be anyway to exploit a buffer
:: overflow condition in the package.
:: That's the same with kernel packages...you can choose
:: a better secure kernel or a simple one, the difference
:: is just what you want to choose: secure or not secure
:: as the other...
Ok! Why I quote my friend? Because he is starting
a project similar with "Debian Hardened".
:: Security stays OK until somebody breaks it, and you
:: can't predict when it will happen (and also you can't
:: predict how it will happen!).
Trully. :)
:: I want to see Debian Hardened as an official Debian
:: subproject, it's not a "better, more secure"
:: un-official version of Debian, it's just a hardened
:: tree of official Debian packafes for official Debian
:: versions!
Thinking on my friend's project and in "Debian
Hardened", I was wondering if we could joing Debian
Security and develop all this stuff there?
I can say that the idea of my friend is create
a kind of documentation, comparing security tools,
creating "benchmarks", making tests and packages, with
the objective of making Sys/Net Admin life easier (and
more secure).
In the last months I'm trying to understand
how can a person joing the Debian Security Team and
help them on packages and machines, I'm not sure, but
if I understand the Lorenzo idea, we can work together
doing a kind of auditing and developing packages, maybe
we should put it in another tree like proposed-security
or security-enhanced., in manner that doesn't sounds
like "debian is insecure" or "less secure".
Doing this, we have a sub project with focus
on Security, official. Well, it is just a thought! :)
Best Regards,
--
//////////
// Felipe Augusto van de Wiel (faw)
// [EMAIL PROTECTED]
// http://www.cathedrallabs.org
/////
// GUD-PR / DUG-PR || http://www.debian-pr.org
// GUD-BR / DUG-BR || http://www.debian-br.org
// Debian Project || http://www.debian.org/
//////////
