* Balint Reczey <bal...@balintreczey.hu> [2014-04-15 12:01]: (...)
> My proposal for serving those security-focused users is introducing a
> new architecture targeting amd64 hardware, but with more security
> related C/C++ features turned on for every package (currently hardening
> has to be enabled by the maintainers in some way) through compiler flags
> as a start.
>
> Introducing the new architecture would also let package maintainers
> enabling additional dependencies and build rules selectively for the new
> architecture improving the security further. On the users' side the
> advantage of having a separate security enhanced architecture instead of
> a Debian derivative is the potential of installing a set of security
> enhanced packages using multiarch [6]. You could have a fast amd64
> installation as a base and run Apache or any other sensitive server from
> the amd64-hardened packages!
>
> -----
>
> What do you think? Would adding a new arch be feasible and a good solution?

Why is it not feasible to provide additional -hardened packages? With that
it would be possible to provide hardened versions of packages on other
archs as well.

Kind regards,
Martin