On Wed, 2008-07-09 at 15:36 -0400, [EMAIL PROTECTED] wrote:
> Message: 1
> Date: Wed, 9 Jul 2008 14:10:16 -0500
> From: inode0 <[EMAIL PROTECTED]>
> Subject: Re: [rhelv5-list] Speculation on Red Hat Enterprise Linux 6
> To: "Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list"
>       <rhelv5-list@redhat.com>
> Message-ID:
>       <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On Wed, Jul 9, 2008 at 1:52 PM, Bill Nottingham <[EMAIL PROTECTED]> wrote:
> > Ed Brown ([EMAIL PROTECTED]) said:
> >> I suspect many of us would love to see a minimal, hardened installation
> >> option, or version, or channel or however it might be implemented, but
> >> out-of-the-gate it would substantially meet configuration 'guidelines'
> >> such as <http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf>.  (or
> >> those from CIS, NIST, etc)
> >
> > We're all for sensible security by default.
> 
> I think a serious conversation about what customers perceive to be
> sensible security might be a good thing. Nothing is going to fit right
> for everyone. Every time I think about how many things I need to
> disable and/or remove from a server I do get a little cranky.
> 
> Perhaps some of us in the community could suggest concrete examples of
> how we would like to see a RHEL server installed and configured out of
> the box?


A good start would be to stop installing bluetooth, pcmcia, and avahi as
part of a server installation.

The smart card stuff is of questionable value for servers. I personally
don't need it, and would rather see that as an optional group of
packages, rather than as part of the default.

I think, in general, the install groups (comps.xml) could use some better
attention. I'd love to see group inheritance come back (I have no idea
why it was removed), and see more specific package groups created to
allow selection of specific functionality (e.g. wireless support,
infiniband support, smart card support, etc.).

Once that's done, it would also be nice to integrate alternatives into
Anaconda. I hate having to remove sendmail and install postfix or exim
(or customize my comps.xml) just because Anaconda isn't flexible enough
to simply ask me what my preferred MTA is.

> 
> > Intentionally crippling the X server, removing module files shipped
> > with the kernel, and claiming that RFCs enacted 12 years ago are 'new'
> > and therefore scary?
> >
> > Not sensible.
> 
> Crippling? How about an option to avoid the X server altogether? Even
> if buried in one of the default package options there is some
> system-config-* package that requires it?
> 
> I think the bottom line is that unless the community can organize
> itself to give some concrete guidance to Red Hat about what we really
> want to see it is unlikely to materialize.
> 
> John


---Brett.
