cbuxton at menandmice.com
Fri Mar 7 10:12:22 PST 2008
I would like to see more discussion of RBAC, plus a secure
installation of some ssh and ntp tools. PAM is also on my wish list,
if for no other reason than that the VMware guest tools want to see PAM.
Basically, I see the primary audience of this project to be server
builders, including appliance builders. A server or appliance should
be designed to take advantage of all this security stuff we're adding
to the toolchain and to the kernel.
A discussion of how to securely install various servers would also be
useful. I know some of this goes into BLFS territory, such as
installing Apache, PHP, an MTA, BIND, DHCP, etc. And regarding any
discussion of whether to use dropbear or openssh, which ntp package to
use, this is all the kind of BLFS "here are your choices" kind of
stuff. But without some HLFS-specific notes, I'm not sure if I'm
creating a secure installation of these packages.
Men & Mice
On Mar 6, 2008, at 8:05 PM, Robert Connolly wrote:
> I need goals for 1.0. A democratic (more than three people) vote on
> what to
> do, and why. I'm a soldier, not a general. I need a roadmap.
> Before 1.0 I'd like to do some auditing effort, such as checking how
> package handles temp files, and how each package opens files with
> permissions, and document it. Small things, that nowdays need to be
> I have been trying to get better at stabilization, while trying to
> hlfs at the same time. I have no doubt in my efforts will continue,
> but I am
> concerned with the reputation of hlfs. I'm losing count of how many
> have gone by.
> The LFS project has been very generous in hosting this project, and
> I have
> always believed it is worthwhile, but the scope of this project is
> broad and some definitions should be set. Goals for 2.0 and 1.0 should
> probably be set at the same time, to help contain the scope of 1.0.
> I would
> like 1.0 to be as broad as possible, such as featuring more than the
> Please feel free to comment.
> FAQ: http://www.linuxfromscratch.org/faq/
> Unsubscribe: See the above information page
More information about the hlfs-dev