Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-02 Thread Michael Gilbert
On Thu, Jan 2, 2014 at 6:36 PM, Daniel Curtis wrote: > > Hello everyone, > > Michael web site with a statistic I've watching for time to > time. Also Debian Hardening wiki page I studied a couple of > time. > >> There is a lintian check for setuid binaries (...) >> There isn't really any group effo

Updated plans for AppArmor support [Was: Enhancements/enabled hardening flags in Wheezy pkgs/release.]

2014-01-02 Thread intrigeri
Hi all, I'm taking this opportunity to share a bit about my experience and plans for improving AppArmor support in Debian => cc'ing the potentially interested parties: AppArmor maintainer in Debian, upstream mailing-list, Tails developers and Jake. If I've forgotten someone, I'm sorry, please forw

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-02 Thread Daniel Curtis
Hello everyone, Michael web site with a statistic I've watching for time to time. Also *Debian* Hardening wiki page I studied a couple of time. > There is a lintian check for setuid binaries (...) > There isn't really any group effort tackling or monitoring > the assortment of useful

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-02 Thread intrigeri
Hi, Moritz Mühlenhoff wrote (02 Jan 2014 18:31:07 GMT) : > The following packages have had a DSA in the previous years, but do > not use hardened build flags. Thanks for updating the list! > pixman Patch submitted (#733986). > libotr I'll take care of that one too. Cheers, -- intrigeri

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-02 Thread Moritz Mühlenhoff
Michael Gilbert wrote: > There isn't really any group effort tackling or monitoring the > assortment of useful hardening features. That is something that could > definitely be improved. Here's some concrete issues where people can help out. Many of these tasks will take less than an hour and y

Re: Check for revocation certificates before running apt-get?

2014-01-02 Thread adrelanos
Paul Wise:> On Mon, Dec 16, 2013 at 1:34 PM, adrelanos wrote: > >> I am wondering how excited the apt developers would be about adding a >> bash script to their app. I'll see how far I get and contact them when >> there is something to talk about. > > I suppose POSIX shell would be preferable. I a