On Sun, 23 Jan 2011 09:04:32 +0100 Sven Joachim <svenj...@gmx.de> wrote:
> On 2011-01-23 07:29 +0100, Rico Secada wrote:
>
> > After having brushed up on some technical aspects of security I would
> > like to understand why Debian isn't secure by default.
> >
> > As we all know a lot of security breaches occur because of overflow
> > errors. Different protective measures have been developed, for
> > example "executable space protection".
> >
> > As seen in this list of comparison both Fedora and SUSE are running
> > with some method of protection enabled by default whereas Debian isn't.
> >
> > http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Security_features
> >
> > Another example is "stack checking" in GCC where for example OpenBSD
> > ships with this setting as "enabled-by-default" whereas it is
> > "off-by-default" on Debian.
> >
> > I would like to understand why Debian is running with this policy of
> > "security is off by default"?
>
> Basically because the developers cannot agree where the hardened
> compiler options should be implemented. You can get more information by
> reading http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552688.
>
> Sven
>

This was detailed in a release from the security team today:

> * Hardening compiler flags
>
> Debian is currently one of the few distributions that doesn't enable hardening
> options in the compiler that protect packages against certain types of
> vulnerability. There has been work on this for a longer time but it didn't
> yet come to fruition. A Birds of a Feather-session will be organised at the
> upcoming Debian Conference to get all involved people together and implement
> this.

So, in short, it's happening. Just slowly.

--
rbmj

Archive: http://lists.debian.org/20110124034306.50c970b7@blair-laptop