Goals

Chris Buxton cbuxton at menandmice.com
Fri Mar 7 10:12:22 PST 2008


I would like to see more discussion of RBAC, plus a secure  
installation of some ssh and ntp tools. PAM is also on my wish list,  
if for no other reason than that the VMware guest tools want to see PAM.

Basically, I see the primary audience of this project to be server  
builders, including appliance builders. A server or appliance should  
be designed to take advantage of all this security stuff we're adding  
to the toolchain and to the kernel.

A discussion of how to securely install various servers would also be  
useful. I know some of this goes into BLFS territory, such as  
installing Apache, PHP, an MTA, BIND, DHCP, etc. And regarding any  
discussion of whether to use dropbear or openssh, which ntp package to  
use, this is all the kind of BLFS "here are your choices" kind of  
stuff. But without some HLFS-specific notes, I'm not sure if I'm  
creating a secure installation of these packages.

Chris Buxton
Professional Services
Men & Mice

On Mar 6, 2008, at 8:05 PM, Robert Connolly wrote:

> Hi.
>
> I need goals for 1.0. A democratic (more than three people) vote on  
> what to
> do, and why. I'm a soldier, not a general. I need a roadmap.
>
> Before 1.0 I'd like to do some auditing effort, such as checking how  
> each
> package handles temp files, and how each package opens files with
> permissions, and document it. Small things, that nowdays need to be  
> done.
>
> I have been trying to get better at stabilization, while trying to  
> diversify
> hlfs at the same time. I have no doubt in my efforts will continue,  
> but I am
> concerned with the reputation of hlfs. I'm losing count of how many  
> years
> have gone by.
>
> The LFS project has been very generous in hosting this project, and  
> I have
> always believed it is worthwhile, but the scope of this project is  
> quite
> broad and some definitions should be set. Goals for 2.0 and 1.0 should
> probably be set at the same time, to help contain the scope of 1.0.  
> I would
> like 1.0 to be as broad as possible, such as featuring more than the
> toolchain.
>
> Please feel free to comment.
>
> robert
> -- 
> http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
> FAQ: http://www.linuxfromscratch.org/faq/
> Unsubscribe: See the above information page




More information about the hlfs-dev mailing list