Hello everyone, Michael web site with a statistic I've watching for time to time. Also *Debian* Hardening wiki page I studied a couple of time.
*>* *There is a lintian check for setuid binaries (...) **>* * There isn't really any group effort tackling or monitoring **>* * the assortment of useful hardening features (...) * Are you trying to say, that this problem is almost without checking, auditing etc.? You're right - there isn't really any group effort tackling to adding/enabling additional Security Features. *Ubuntu* and *openSUSE* doing perfectly job in this arena. Both system using many interesting features, which aren't available in *Debian*. *Moritz* that's a full list of packages with a DSA over past years? If so, it means that there almost every pkg's is protected. Or maybe it's just an example. I wish I could help, but I'm not right person for this type of things. This is very interesting, that only one hour is enough to make changes. *@intrigeri* I would like to thank you because of submitted patch! Anyway, it could be very nice if *Debian* would start to implement *AppArmor* for serious - put all effort on this (yes, there is also *SELinux*) because it's very simple, intuitive, contains many profiles etc. SELinux is also good, but is complex. Of course there is *openSUSE* and *Ubuntu* with *AppArmor* so everything is even easier. In my opinion it's time to include more and more Security Features into *Debian*. According to this I've a one question; is there a possibility to releasing *Debian* with already complied *grSec/PAX* kernel? If I remember correctly, sometime ago there was similar project. Of course I mean future. Best regards.