I would like to see more discussion of RBAC, plus a secure installation of some ssh and ntp tools. PAM is also on my wish list, if for no other reason than that the VMware guest tools want to see PAM.
Basically, I see the primary audience of this project to be server builders, including appliance builders. A server or appliance should be designed to take advantage of all this security stuff we're adding to the toolchain and to the kernel. A discussion of how to securely install various servers would also be useful. I know some of this goes into BLFS territory, such as installing Apache, PHP, an MTA, BIND, DHCP, etc. And regarding any discussion of whether to use dropbear or openssh, which ntp package to use, this is all the kind of BLFS "here are your choices" kind of stuff. But without some HLFS-specific notes, I'm not sure if I'm creating a secure installation of these packages. Chris Buxton Professional Services Men & Mice On Mar 6, 2008, at 8:05 PM, Robert Connolly wrote: > Hi. > > I need goals for 1.0. A democratic (more than three people) vote on > what to > do, and why. I'm a soldier, not a general. I need a roadmap. > > Before 1.0 I'd like to do some auditing effort, such as checking how > each > package handles temp files, and how each package opens files with > permissions, and document it. Small things, that nowdays need to be > done. > > I have been trying to get better at stabilization, while trying to > diversify > hlfs at the same time. I have no doubt in my efforts will continue, > but I am > concerned with the reputation of hlfs. I'm losing count of how many > years > have gone by. > > The LFS project has been very generous in hosting this project, and > I have > always believed it is worthwhile, but the scope of this project is > quite > broad and some definitions should be set. Goals for 2.0 and 1.0 should > probably be set at the same time, to help contain the scope of 1.0. > I would > like 1.0 to be as broad as possible, such as featuring more than the > toolchain. > > Please feel free to comment. > > robert > -- > http://linuxfromscratch.org/mailman/listinfo/hlfs-dev > FAQ: http://www.linuxfromscratch.org/faq/ > Unsubscribe: See the above information page -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
