Leo Famulari <l...@famulari.name> writes:
> On Wed, Jan 09, 2019 at 09:52:53AM -0500, Joshua Branson wrote:
>> Perhaps I would put it right after GNU Distribution > System
>> Configuration. Perhaps I would call that section "Hardening
>> Recommendations". Some of the things that I want to include are strong
>> passwords, encrypted drives, MAC, kernel hardening (which we currently
>> don't have a linux-libre-hardened do we?), sandboxing applications,
>> firewalls, and physical security. I may not be able to complete this
>> project swiftly, but I do intend to put it on my TODO list.
>
> I think the manual should include things that are specific to Guix, or
> that explain how to do generic things (like encrypted storage) in a
> Guix-y way. There are a lot of ways the manual (and GuixSD itself) could
> be improved in this regard.
>
> I'm less enthusiastic about including things that are basically
> universal concerns, like password strength or physical security.

I agree.

I’d also like to add that a section on MAC via SELinux would be
challenging to write because one would probably first need to develop a
few system services to better support SELinux. The same goes for
hardening, which would probably require build system support.

Sandboxing, on the other hand, could get a section already, as this is
made simpler with “guix environment --container” or “guix container”.

Let’s aim for something slightly less ambitious and add sections on
features that already exist.

--
Ricardo