Javier Fernández-Sanguino Peña
2006-Mar-13 12:28 UTC
[Secure-testing-team] "Improving Security in Debian" Paper for Debconf5
Hi guys,

Even though I'm not yet sure if I'll be able to attend, I have submitted a paper to Debconf5 related to security work at Debian. Oriented towards helping maintainers keep their packages in shape (security-speaking), showing some data of how the security team and the security-audit team are working out and suggesting things that should be improved.

It would be great if other members of the Security Team and the Debian Security Team could contribute to the paper and help with the conference (again, I'm not sure if I will attend).

I believe that having a paper outline the current status of security support in Debian and what things need to be improved both in the Debian operating system and the project to improve it would be a big eye-opener to some of the issues the Security Team is having. Also, providing (in a workshop) some basic knowledge so that maintainers can security-audit their packages would save a lot of issues in the long term.

This is the abstract I have proposed:

-------------------------------------------------------------------------
Improving Debian Security
-------------------------

How can we improve the security of the Debian distribution to improve it both to protect the Debian project and our end users? This presentation will try to analyse what are the major concerns related to the security in the Debian operating system, including the current trend of vulnerabilities and time to fix (an update of the one presented in Debconf3), a look on the work conducted by the Debian Security and Security Audit teams and what steps can maintainers, release managers and end-users take in order to help keep the distribution secure. The analysis will include a brief presentation of the impact of several security-enhancing technologies (SElinux, PaX, SPP..) on the distribution and what needs to be changed in order to provide these for end users.
The presentation will also try to feed some discussion including proposals related to the overall management of software quality (and how this affects the security of the released distribution) as well as to what additional work can be conducted in order for the project to provide a distribution with an enterprise-level of security that could be, at some point, Common Criteria certified for government use.
-------------------------------------------------------------------------

Does anyone want to help out with this?

Regards

Javier