Slashdot Mirror
Debian Hardened Aims For Security
larryg writes "Debian Hardened is a new project that wants be an official Debian sub-project. It aims to provide a complete tree of hardened kernel and software packages for a standard Debian distribution, without changing to another like Adamantix and making easy the hardening of any machine running Debian GNU/Linux. The hardened kernels use the grSecurity patch and some of the Adamantix kernel patches; also, its packages are compiled with the ProPolice/SSP gcc extension and some libraries to prevent and trace buffer overflow attacks. Also, and as a second project, we are working on some enhacements against the Linux Entropy Pool engine, using an external TRNG (True Random Numbers Generator) device which uses thermal noise and also the atomic decay from a Geiger counter, making true unpredictable random numbers."
First off, who are these guys?
Debian already has a security project, a few of them actually.
I looked at google for either of these guys names and unless I am mistaken, this is what I got: developer one and developer two.
Interesting that anyone else that they haven't ever used those names to contribute to say at least a single debian security mailing list, or say ANY debian lists?
Even more interesting is that they don't seem to have much but a slashdot plug and they are accepting donations.
I am not impressed. Working with the debian security team is the way to go.
Steve Kemp is one of the main guys heading up the debian audit project, these guys should be working with him. Not for some other project.
The official debian project for this is the debian audit project.
Hell advertising that they use SSP enabled GCC! Steve makes those packages for use with debian already!
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M