Ubuntu Hardened SPEC-20050503 and schedule
Matt Zimmerman
mdz at ubuntu.com
Thu May 26 17:55:44 CDT 2005
On Tue, May 24, 2005 at 12:52:57AM +0200, Lorenzo Hernández García-Hierro wrote:
> The long time waited rewritten specification for Ubuntu Hardened is now
> publicly available, in both LaTeX source and PDF formats at:
>
> http://pearls.tuxedo-es.org/ubuntu/ubuntu-hardened-spec-20050503.pdf
> http://cvs.tuxedo-es.org/cgi-bin/viewcvs.cgi/ubuntu-hardened-spec/
Thanks for putting this together. Some comments:
We currently have SELinux enabled in the kernel configuration, but disabled
at runtime by default. You seem to propose enabling SELinux by default,
which is problematic for obvious reasons. Is there a rationale for changing
the approach in this way?
Does the new dpkg in breezy provide the necessary infrastructure for SELinux
policies in the packaging system?
In places where your spec disagrees with ProactiveSecurityRoadmap (but has
been agreed upon with the others working on the project),
ProactiveSecurityRoadmap should be updated, as this is the place with the
most visibility within the Ubuntu development community.
> Also, we'll need to organize the hierarchy of the development team and
> decide who will take the lead, manager and plain developer roles.
I think it would be simpler and clearer to organize things in the same way
as our other development projects. This means that it should have a lead
and a second who are both coordinating and driving development on the
project. For purposes of managing development at the distribution level, it
should share the same infrastructure and personnel who are already doing
this for other projects (e.g., JaneW and myself).
Are there any other prerequisites which must be met before you are ready to
begin implementation work?
--
- mdz
More information about the ubuntu-devel
mailing list