Hi Noah, > Most basically, I wonder if folks think this is a worthy idea.
Another long-term Debian user here who normally doesn't post to this list. I am very much in favour of this idea. There is a lot of information out there on this topic, but a lot of nonsense and flame wars which discourage those who cannot orient themselves in the terrain. Many people who might be inclined to trust Debian - knowing the philosophy and culture of the project - might not know who to otherwise trust in this field. It appears esoteric, and since the people who seem to know seem to be fighting among themselves, many people settle for apathy / do nothing at all. > > My inclination is to primarily focus on general principles > Yes! And the outline suggested seems to me to be ideal. More or less in that order ie. starting with threat modelling. > If you've got ideas for other topics, I'd love to hear them. I wonder if Lynis and other auditing tools might warrant mentioning. Fairly low-down if so. Thanks, Rob
