Let me list the counter-arguments to the proposal (to include a new field
PREFER_HARDENED_CONFIG) so far:
* The packages should be deploying a secure configuration by default.
Counter-argument: Yes, but they don't. There are obviously competing interests
and sometimes convenience wins.
Hello Ulrich, thank you for taking the time to read my proposal.
> Probably because "secure" isn't considered to be "comfortable" by a majority
> of users.
Indeed.
> I think os-release describes the operating system, not policies.
You are right. Perhaps machine-info would be a better fit than
> Lennart Poettering wrote on 16.02.2022 13:27:
> Do they? What does "secure" mean? If there's a security vulnerability,
> maybe talk to the distro about that? They should be interested...
I am not talking about vulnerabilities here. All the major distros maintain
hardening guides.
Situation:
Many packages in a distribution ship with a default configuration that is not
considered 'secure'.
Hardening guidelines are available for all major distributions. Each is a
little different.
Many configuration suggestions are common sense among security-conscious
administrators,