Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 11 Jan 2015 10:35:47 +0300
From: gremlin@...mlin.ru
To: owl-dev@...ts.openwall.com
Subject: Re: [owl-users] Owl 3.1-stable

On 2015-01-10 20:10:33 +0300, Solar Designer wrote:

I'm moving the discussion to -dev, as it promises to become
yet-not-for-users.

 >> kernel 2.6.18 instead of 2.6.32,
 > We'd receive (almost?) as much criticism for RHEL6'ish kernels
 > as well. And perhaps almost as much even if we went with RHEL7
 > already, although I think then the criticism would not be
 > justified (it'd be more of a typical misunderstanding).

I think RHEL6 (2.6.32) could be ok. And switching to these kernels
doesn't look very complicated for me - for now, I'm using it with
OpenVZ and Owl patches (with first including most of second).

 >> ancient glibc (and many other packages that we can't update
 >> without updating it first), old SSH... also, some packages are
 >> likely to be dropped, and some other should be added.
 > Right.

I succeeded on migration to openssh-5.9 with Alt patches and some
configuration changes (like disabling all weak algorithms; also
I'd like to have BF256CFB and RSA+SHA2 there, but that remains a
dream).

 >>> Those of you who read Russian might want to check out the
 >>> comments.
 >> Been there, seen the comments. Some are really hmm...
 >> unpleasant, but even those are true: we have really much to
 >> do in -current, once we've released a 3.1-stable and now
 >> aren't required to look back.
 > Ideally (for Owl), yes. But I am not sure this will happen in
 > practice, like it did not after some past releases. To me,
 > Owl has become a relatively less important project (compared
 > to other things I should be doing) than it was in 2002 or so,
 > and future direction is unclear (it would have been clearer if
 > we wanted to treat Owl as our "main project" and would be OK
 > spending lots of time maintaining a larger Owl).

We could do exactly the opposite: make Owl smaller.

That means, out-of-a-box it could be just a virtualization host
(VPS+VDS) with SSH access and build system, and other packages
could be installed (yes, I'd write this word here) from several
repositories.

Most of this list members know I'm publishing almost all SRPMs
for packages I ever built. I think they could be a good start.


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin  gremlin  ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ