Date: Wed, 2 Jun 1999 22:22:10 +0200 (CEST)
From: Rik van Riel <riel@nl.linux.org>
To: securelinux@reseau.nl
Subject: [Secure Linux] distribution goals

Hi,

After a few days of discussion I think we can distill
a general feeling of where we want the distribution to
go and how we'd like to get there. I have made a short
list of things I think are important and other things
I've seen on the list. I'd really like some comments
on this list, and after we're done with that we should
start working.
	(things I just made up are marked with +, they
	can be removed at will :-)


	Distribution goals:

- create a secure distribution for server systems
+ integrate (web) server functionality that isn't in
  other (end-user) systems yet
- make sure even moderately advanced admins are able
  to keep the system both secure and functional


	Methods:

- use a more secure kernel (Solar Designer's patches, maybe rsbac)
- remove unsafe system parts
- start from a minimal distribution (minimal Debian??)
- use strong cryptography where needed
- signed packages
+ use stackguard bounds-checking compiler
- secure replacements for unsafe system programs (postfix vs sendmail)
- carefully weigh security against functionality
+ include documentation to educate our users of the risks
  involved in every step they take :)


If I forgot anything, or if you'd like one of these
points removed, please tell us quickly. We probably
should start working on the distribution RSN...

regards,

Rik -- Open Source: you deserve to be in control of your data.
+-------------------------------------------------------------------+
| Le Reseau netwerksystemen BV:               http://www.reseau.nl/ |
| Linux Memory Management site:   http://www.linux.eu.org/Linux-MM/ |
| Dutch Linux documentation:               http://www.nl.linux.org/ |
+-------------------------------------------------------------------+