[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] What's to be Done



I don't have the means to watch this talk right now so I apologise if my
questions or comments have already been addressed.

While i agree with all of your points, I can't really see many of these
suggestions being taken up by Debian. Especially things like compiling
packages as pie or with asan(lol) or enabling significant grsec and Pax
options. These all come with a non-trivial runtime overhead and will
introduce usability and stability issues by design (I.e. processes will
crash or not start instead of continue in a potentially dangerous way.)

The problem is most users and developers (including the likes of Linus) do
not care at all about security but will hit the roof in rage if the system
is 0.1% slower or this buggy 30 year old Unix application does not work
anymore.

Is it realistic to incorporate real security into such a mainstream distro
Debian or do we need to build/ fork a separate distro?

What is the actual plan to get these things done?
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk