HLFS project scope.
robertmbaker at gmail.com
Tue May 25 16:18:33 PDT 2010
Below you will find my suggestions for the scope of the HLFS book.
What we want to provide.
- A base platform and build environment
- A platform for building hardened servers, routers, and firewalls
Work needed to reach a release candidate
- various package version bumps
- frandom update
- fortify source by default
- test suite/sanity checks
- x86_64 and i?86 build completion
- multi-lib or pure64 or both
- if pure64 is included patches or additional seds are needed
- ssh daemon for bootable_temporary
- libcap-ng (requires python)
- completed book text
In my oppinion HLFS-1.0 should be limited in scope to just the basic
toolchain. Very few packages should be added beyond the scope of LFS.
Those packages include libcap, (if we use libcap-ng we need Python
too.) paxctl, and an ssh daemon for the bootable temporary tools. All
other work should be focused on preparing the build environment and
HLFS-2.0 should be a more aggressive target. I would like to see the
book include documentation on grsec's RBAC system. I would also like
to see a full audit of posix capabilities on the binaries included in
the base system. Some documentation on posix capabilities would also
be a nice addition. Any additional packages that we agree should be in
the book should be added for the 2.0 version.
Any thoughts/comments/additions are welcome.
More information about the hlfs-dev