Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Sun, 28 Aug 2011 14:41:33 +0200
From: devzero2000 <pinto.elia@...il.com>
To: owl-dev@...ts.openwall.com
Subject: Re: Owl 4.0 priorities

On Sun, Aug 28, 2011 at 10:42 AM, Vasiliy Kulikov <segoon@...nwall.com> wrote:

> Solar,
>
> This is my very rough Owl 4.0 plan ordered by the significance:
>
Sorry for putting my opinion here, I am just a lurker for now.

Alexander, would you also consider upgrading the rpm release? It is too
old and might have security problems that are already solved, you know. In a
similar vein, also libpopt. Openwall can now make a choice. For @rpm.org o@...5.org, to
which I belong (as devzero2000). It is not trivial to make this choice or
to migrate to @rpm5.org. But there are people inside @rpm5.org who are
interested in the Openwall distro, for its stability and for the people who
participate in and contribute to it. Also, @rpm5.org has sought the help of a
security review from Openwall, because @rpm5.org believes strongly in security
and today also has the more complete crypto stack inside it.

No marketing, no flames please, because life is so short, just an
opportunity between developers that have a common goal.

Best regards

Ciao Alexander

> * GCC update.  Look at the work done by Georgi, probably continue it or
>  start from scratch.
>
> * SYSLINUX packetizing.  Make installer use it instead of LILO.
>
> * Big Kernel Update to RHEL6/OpenVZ.  Identify which new CONFIG_* are
>  needed for Owl, which are OK to skip, which are needed for modern
>  distro run as containers (like cgroups stuff) which need prior code
>  review, etc. etc.
>
> * Solve CD space issue.  Decide to either switch to DVD, or use
>  compressed fs for Live CD, or remove (part of) sources from CD.
>
> * Backport hardening kernel stuff from upstream Linux and from
>  NACK'ed/pending RFCs.
>
> * Identify what userspace hardening can be achieved from the updated
>  toolchain.  Likely enable everything for networking programs.
>  Probably enable them in defaults (like Ubuntu does).
>
> * IPv6.  Identify which kernel features are mandatory for userspace IPv6,
>  which are desirable/optional.  Enable IPv6 support in init scripts.
>  Identify which packages need a simple passing --with-ipv6 to
>  ./configure, which don't support it.  Packetize IPv6 related stuff
>  (radvd?).  Identify sane sysctl defaults.
>
> * Packetize new stuff / update existing.  ppp*, network sniffing tools,
>  LAMP, parted, etc.
>
> * Repository setup (apt?).
>
>
> These are likely to be mixed during the process.  However there are some
> rather strong dependencies:
>
> - Kernel update, IPv6, new tools, repository need MUCH space on CD.
>
> - Kernel update, new tools likely need new gcc as some new software
>  doesn't compile by our gcc 3.4.5.
>
> - Kernel update, IPv6 need syslinux as our lilo's pseudo floppy is
>  almost full.
>
>
> So, I expect to make big changes in the list during the process :)
>
> Thanks,
>
> --
> Vasiliy
>
