[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Indy praised on linux.com

Jericho just wrote an article on open source security, and the attitude
linux distributions take towards security. Indy gets mentioned, and put in
a pretty good light (he perhaps a little over stated what we're doing, but
I believe we have the attitude correct, and that's what counts). Jericho
says he writes two articles a month for linux.com, and would be interested
in writing a whole one one on Independence. I suggested that next time,
when the file isn't done quite so quickly (he contacted me a couple of
hours ago with the idea, and now it's finished), he speaks Jean as well.

The article can currently be found at:
(will appear on security.linux.com soon)

Relevant parts:

   Why Linux Security Will Succeed
   Two flavors of Linux stand out in the fight to maintain the most
   secure platform possible. Both the RedHat and the Independence
   distributions of Linux have made significant proactive efforts to
   improve their out-of-box security. In singling these two distributions
   out, I do not imply that other flavors of Linux are in any way
   negligent, only that these two appear to be setting trends in the
   Linux community.
[...] (text "Independence" above has link to Indy's home page)
   Another relatively new distribution has taken an interest in improving
   system security by tightening file and directory permissions. Unix
   descends from a spirit of sharing resources and information dating
   back to the 70's, when security almost hindered daily operations too
   much. It was a time where one administrator would quietly sneak into a
   system to fix a bug that was preventing his system from sending mail
   to a recipient, and just as quietly sneak back out without a word.
   Because of the loose permissions on files and directories, this was
   possible and encouraged users to fix their own problems. In today's
   world, that ability to fix your own problems also translates into the
   ability of an attacker to gain additional access and compromise the
   integrity of a network.
  "Expecting a new user to have to handle the security of a Linux server is
   preposterous, not only does it take years of experience in the field, but
   it also takes the time to keep up to date with the latest problems. If
   users are expected to do this, then Linux's progress will be limited."
                                        - Independence Linux

   Developers of Independence Linux see that as a point of concern. In
   response, they have been working on a new permission scheme that does
   not break any functionality of the system, yet improves the security
   posture significantly. By making hundreds of small permission changes
   around the system, the distribution caters to those individuals
   seeking security and privacy. Like RedHat, the Independence project
   also maintains a security page outlining the bugs and vulnerabilities
   they have found.
[...] (text "security page" contains link Indy's security page)
   Brian Martin (bmartin@linux.com)

Despite the attempts, he didn't make any references to the upcoming
release, but it should be good publicity.

David Webster |   cognite.net    | Project Independence Linux, Security:
cog@seul.org  | cogito, ergo sum | http://independence.seul.org/security/
     Our moral progression cannot begin until we have independence