
On Thu, 1 Nov 2007, Aniruddha wrote:
On Thu, 2007-11-01 at 09:50 +0100, Adrian Schröter wrote:
I mean, each user has a different level of requirements. And he may even decide differently for his different systems.
This makes it hard to define one level and one single policy for us at openSUSE, since the result of the highest security requirement would be a very small distro with not really up-to-date software versions.
There are two extremes, from "highest security needed" up to "I do not care, it is just for test or I just want the latest version".
So we cannot define a single policy, but we can help the users to decide
...
Of course it is doable (see Debian/Gentoo/FreeBSD/Ubuntu), who support up to 22000 packages. The only question is how ;)
Every Distribution/Unix/Linux variant has constraints. I have seen exploits in all of them. Someone has to do the programming and checking. There are not enough paid people on any of the distributions or OSes to really bring security to a C2 level (US). Novell/SUSE has done a lot in getting security to a great level. Many of the packages in the 22000 have not had a security audit. You still have to trust. I have worked with the Devs on all the BSD variants. Just because they are in the distribution does not make them more secure. I know. I have placed reports and the authors have acknowledged that no security audit has been performed. So please do not make general noise about how great the security is. It is not there.

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047