Slashdot Mirror


SELinux Panel at FOSE in Washington

Tony Stanco writes: "Newsforge has an article on what happened at the Security Enhanced Linux panel in Washington about certification under the Common Criteria for Information Technology Security Evaluation standard."

3 of 73 comments

  1. Good choice by Slash+Veteran · · Score: 3, Insightful

    I like the term "Security Enhanced" instead of "Secure." The former is attainable, the latter is quite laughable to anyone in the know.

  2. SELinux vs. LIDS by UnderAttack · · Score: 2, Insightful

    Now they just need to merge LIDS and SELinux!

    What is really missing for both is good documentation. E.g. an O'Reilly book ;-). The LIDS documentation is terribly out of date.
    Are there any distro plans for SELinux? It would be nice to combine its great features with the momentum it would get from packaging it in a nice distro.

    --
    ---- join dshield.org Distributed Intrusion Detec

  3. Certification and the GPL by ndogg · · Score: 2, Insightful

    Among the 30 audience members were several Microsoft booth workers. One asked a couple of questions about the SELinux project, including, ironically, whether changes made to ready it for the security certification would be released back to the community under the GNU General Public License. Panelists said that although the rules of security certification and the GPL sometimes conflict they were looking at ways to resolve the potential problems. Among those issues: A security certified operating system that's had outside changes made to it may lose its certification, and a distribution that's downloaded from a site that's not part of the official certification channels loses its certification, Westerman said.


    If an OS loses certification due to changes from the outside, then do what Debian does: have stable, testing, and unstable distributions, and officially distribute only the stable distributions on CD. As long as you keep tight control over the changes made to the stable distribution, this shouldn't be a problem. This is how Debian does it, and also the reason why it's often accused of being out of date.

    Also, distribute the certification only with CDs if you can't certify downloaded OSes (and make CDs the official distribution), even if they are exactly the same. Make it clearly noted, obviously, that certification only comes on official distribution channels (i.e. the CDs.)
    --
    // file: mice.h
    #include "frickin_lasers.h"