On Tue, Apr 15, 2014 at 6:15 PM, Thomas Goirand <z...@debian.org> wrote:
> On 04/15/2014 06:00 PM, Balint Reczey wrote:
>> Hi,
>>
>> I have posted the following idea on my blog [7] to get comments from
>> people not on this list, but obviously this is the mailing list where
>> the proposal should be discussed. :-)
>>
>> -----
>>
>> Facing last week's Heartbleed [1] bug, the need for improving the
>> security of our systems became more apparent than usual. In Debian
>> there are widely used methods for Hardening [2] packages at build time
>> and guidelines [3] for improving the default installations' security.
>>
>> Employing such methods usually comes at an expense, for example slower
>> code execution of binaries due to additional checks, or additional
>> configuration steps when setting up a system. Balancing between
>> usability and security, Debian chose an approach which would satisfy the
>> most users by using C/C++ features [4] which only slightly decrease the
>> execution speed of built binaries and by using reasonable defaults in
>> package installations.
>>
>> All the architectures supported by Debian aim at using the same methods
>> for enhancing security, but it does not have to stay that way. Amd64
>> is the most widely used architecture of Debian according to popcon [5],
>> and amd64 hardware comes with powerful CPUs. I think there would be a
>> significant amount of people (being one of them :-)) who would happily
>> use a version of Debian with more security features enabled by default,
>> sacrificing some CPU power and installing and setting up additional
>> packages.
>>
>> My proposal for serving those security-focused users is introducing a
>> new architecture targeting amd64 hardware, but with more security
>> related C/C++ features turned on for every package (currently hardening
>> has to be enabled by the maintainers in some way) through compiler flags
>> as a start.
>>
>> Introducing the new architecture would also let package maintainers
>> enable additional dependencies and build rules selectively for the new
>> architecture, improving the security further. On the users' side the
>> advantage of having a separate security enhanced architecture instead of
>> a Debian derivative is the potential of installing a set of security
>> enhanced packages using multiarch [6]. You could have a fast amd64
>> installation as a base and run Apache or any other sensitive server from
>> the amd64-hardened packages!
>>
>> -----
>>
>> What do you think? Would adding a new arch be feasible and a good solution?
>>
>> Cheers,
>> Balint
>
> My take on this: start it if you wish, and see how it takes you. If it
> is successful enough, it will go to http://www.debian-ports.org/. If it
> has even more success, then probably it will go through the standard
> repository and be an official part of Debian. Whatever happens, it will be
> interesting to see what kind of performance hit you get, and what kind
> of security enhancement there is.
Same comment as Thomas. On your way you'll pretty much be required to
implement source-only/binary-drop uploads, which is a feature I want to
see ;)

BTW, thanks to your post, I discovered that ld.so is capable of searching
in a `hardware-specific` directory first.

Good luck,
-M
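The proposal above turns on hardening compiler and linker flags for every package, which raises the practical question of how to tell whether a given binary was actually built with them. The script below is an added example written for this page, not code from the thread or from Debian's own tooling: it reads the ELF64 headers and dynamic table to report the markers those flags leave behind (PIE, RELRO with BIND_NOW, a non-executable stack, the stack-protector reference `__stack_chk_fail`, and `_FORTIFY_SOURCE`'s `__*_chk` variants). The canary and fortify checks are a heuristic string search over the raw image rather than a `.dynsym` walk, and `build_sample_elf` constructs a minimal header-only image (not a runnable program) so the checker can be exercised offline; pass a path on the command line to inspect a real binary instead.

```python
import re
import struct
import sys

# ELF64 constants from the System V ABI and the GNU extensions
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_NOTE = 2, 4
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def _program_headers(data):
    """Yield (p_type, p_flags, p_offset, p_filesz) for every program header."""
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    for i in range(e_phnum):
        fields = struct.unpack_from("<IIQQQQ", data, e_phoff + i * e_phentsize)
        p_type, p_flags, p_offset, _vaddr, _paddr, p_filesz = fields
        yield p_type, p_flags, p_offset, p_filesz


def _dynamic_tags(data, offset, size):
    """Read the PT_DYNAMIC table into {tag: value} up to the DT_NULL terminator."""
    tags = {}
    for off in range(offset, offset + size, 16):
        tag, val = struct.unpack_from("<QQ", data, off)
        if tag == DT_NULL:
            break
        tags[tag] = val
    return tags


def check_hardening(data):
    """Report which build-time hardening markers a little-endian ELF64 image carries."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", data, 16)
    result = {
        "pie": e_type == ET_DYN,  # -fPIE -pie: main image is relocatable, so ASLR applies
        "relro": "none",          # -Wl,-z,relro gives partial, adding -Wl,-z,now gives full
        "nx": False,              # PT_GNU_STACK without PF_X; a missing PT_GNU_STACK is reported as not hardened
        "canary": False,          # -fstack-protector*: binary references __stack_chk_fail
        "fortify": False,         # -D_FORTIFY_SOURCE: binary references __*_chk variants
    }
    dyn, has_relro = {}, False
    for p_type, p_flags, p_offset, p_filesz in _program_headers(data):
        if p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_GNU_STACK:
            result["nx"] = not (p_flags & PF_X)
        elif p_type == PT_DYNAMIC:
            dyn = _dynamic_tags(data, p_offset, p_filesz)
    bind_now = bool(DT_BIND_NOW in dyn
                    or dyn.get(DT_FLAGS, 0) & DF_BIND_NOW
                    or dyn.get(DT_FLAGS_1, 0) & DF_1_NOW)
    if has_relro:
        result["relro"] = "full" if bind_now else "partial"
    # Heuristic: search the raw image for the symbol names instead of walking .dynsym
    result["canary"] = b"__stack_chk_fail\x00" in data
    result["fortify"] = re.search(rb"__\w+_chk\x00", data) is not None
    return result


def build_sample_elf(hardened):
    """Constructed test image (not a runnable program): ELF header, 3 phdrs, dynamic table, names."""
    phoff, phnum = 64, 3
    dyn_off = phoff + phnum * 56
    dyn = struct.pack("<QQ", DT_FLAGS, DF_BIND_NOW if hardened else 0) + struct.pack("<QQ", DT_NULL, 0)
    names = b"__stack_chk_fail\x00__memcpy_chk\x00" if hardened else b"memcpy\x00"
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8 + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN if hardened else ET_EXEC, 62, 1, 0x1000,
        phoff, 0, 0, 64, 56, phnum, 0, 0, 0)

    def phdr(p_type, p_flags, p_offset=0, p_filesz=0):
        return struct.pack("<IIQQQQQQ", p_type, p_flags, p_offset, 0, 0, p_filesz, p_filesz, 8)

    phdrs = phdr(PT_DYNAMIC, 6, dyn_off, len(dyn))
    if hardened:
        phdrs += phdr(PT_GNU_RELRO, 4) + phdr(PT_GNU_STACK, 6)  # RELRO present, RW stack
    else:
        phdrs += phdr(PT_NOTE, 4) + phdr(PT_GNU_STACK, 7)       # no RELRO, RWX stack
    return ehdr + phdrs + dyn + names


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            image = f.read()
    else:
        image = build_sample_elf(hardened=True)
    for key, value in check_hardening(image).items():
        print(f"{key:8} {value}")
```

Running it against an installed binary shows which of the proposal's "more security features" a package already carries; a package built without the flags typically reports `relro partial` or `none`, `pie False`, and no canary or fortify references, which is exactly the gap an amd64-hardened build would close.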