Hardened Lunar Linux

Jean Michel Bruenn jean.bruenn at ip-minds.de
Fri Mar 9 19:51:26 CET 2007


Ehlo,

compiled now coreutils, binutils, gcc, glibc, the linux kernel 3 times;
seems all working really fine.

in reply to zbiggy:

> 2) comfortable maintenance (hd moonbase and hd flags help to distinguish 
> modules in tree and discussion about them)

ack. 

> 3) most average users (like me) do not need hardening on home machines and
> prefer more comfortable use vs more less friendly hardened system.

for me, it's interesting. Cause i offer servers with pre-installed lunar linux.

> 4) smaller downloads when there are two moonbases (for two different purposes 
> and machine destinations)

ack.

> 5) moonbase-hd as serious, security related project needs very detailed module 
> review by several top level devs with long experience (not only one!), I do 
> not know if our community is big enough to handle this. There must be some 
> monitoring of security websites for rapid security patches implementation and 
> testing (less than few hours reaction time is a must!)

There i see the main problem. We could write some tools, catching security
patch information from websites... but that's another story, first we have
to find ppl who like this idea, and would work with me on this.

That's why i said: We can't be as fast with module updates as the original
moonbase. For example: When we have to write patches for xyz, writing these
patches needs time - so we would not be as fast as the normal moonbase
with submitting modules. Cause we have to look for security problems, for
patches, and we have to write patches if none exist, or rewrite patches
if they don't match.

What i want to say: It could be that
lunar moonbase uses xyz 4.1.2
lunar moonbase-hd uses xyz 4.1.1 
cause of known security problems, missing patches, missing testing, etc.

> 6) Lunar as being source based distribution and having some years of
> development by introducing moonbase-hd can pay attention of big organisations
> which not only require distro iso but also team ready to provide services
> described in #5 point. The team have to be ready to solve security related
> problems when there is not any official patch available.
> 

Yeah. That's again, the same problem. First we need to look for ppl who are
interested in this.

So: Patches exist all over the world. As long as we keep credits we can use
patches from LFS, Debian or perhaps other distributions as long as they match
GPL (i think, if not correct me) - Perhaps there would be a bit of rewriting
needed, depends on the patch and distribution. But i think this would be an
interesting way for lunar linux.

Cheers Jean


More information about the Lunar-dev mailing list