Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 31 Mar 2012 15:34:51 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: GSOC packetfence Lamp stack

Hi Mesut,

I'm sorry I failed to get back to you in time in response to your
previous inquiry.

On Sat, Mar 31, 2012 at 01:35:49PM +0300, Mesut Can G?rle wrote:
> I installed Openwall both on virtualbox and a phsycal machine. I prepared
> Lamp (apache, php and mysql) packages. I build them on Openwall 3. These
> packages can be accessible from http://mesutcang.net23.net/owl/. I get them
> from Croco's repo and rebuild for Openwall 3. I get fimiliar with Openwall,
> read a lot in wiki and get some experience with Openwall.

Sounds good (as a way for you to get more familiar with our stuff).

> Now I am working
> on apache2 package but having troubles with its dependencies( apr,
> apr-util). I prepared SRPM's for lastest version of Lamp stack. I can build
> source (configure, make, make install) but I have some troubles with
> packaging. I am working on it.

Actually, we readily have this stuff packaged - we currently use it on
systems that we setup ourselves.  The potential GSoC project is
primarily about re-doing this in a cleaner way or cleaning up what we
have and getting it into Owl incrementally, with due reviews.  We have
higher quality requirements for stuff that we release vs. what we may
happen to use ourselves.

Chances are that this task will stay outside of GSoC 2012, unless we
receive an application from someone who we'd expect would manage not
only to get a LAMP stack going (which we already have), but also do it
in a cleaner fashion and with certain security-relevant enhancements
(e.g., we have unreleased changes to Apache's suEXEC to allow/deny
scripts per-UID - I first implemented this in 1998 or so, and this is
currently in use on many systems - we'll want this in Owl, but
re-implemented in a cleaner fashion).  The right person could be e.g.
someone who previously did similar work for a web hosting provider or a
Linux distro.  It shouldn't be the person's very first time into
patching this kind of software.

> This time I am confused about this subject.
> Would it be better for me to prepare latest versions of LAMP stack packages
> or would it be better if I prepare an interface for "control".

As it relates to direct progress at the GSoC task, neither.  As it
relates to you learning stuff in general (maybe such that you could join
us outside of GSoC or under another year's GSoC if you stay involved),
whichever works best for you.

Thanks, and sorry about disappointing you.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ