On Tue, Nov 20, 2007 at 10:19:34AM +0000, Darren J Moffat wrote:
> Ideally I would prefer to see more (maybe not all) the changes that JASS
> makes to the default configuration made the default configuration in the
> relevant consolidations (mostly this is ON).

+1 for turning up the level of paranoia ;)
No, seriously - there's a long history of default settings most suitable
for protected LAN environments and I'm all for any efforts towards a real
secure by default install that covers all aspects of security.

> My recent thread on
> stronger password defaults is a step in that direction. However until
> such times as we have done that AND we have somewhere in the system the
> equivalent of the JASS auditing (config check) capability I think we
> need JASS to continue.
>

I do generally agree and one little thing that speaks in favor of keeping
JASS around for even longer is to make it simple to switch between
different security levels. Not that I think changing profile would be
something you do every day, but in a time when running Solaris on a laptop
isn't entirely implausible, I could imagine wanting to relax things a bit
when jumpstarting servers on a crossover cable.

> So I'm supporting this project with the main goal of it being to
> actually get as much as possible out of JASS and make it smaller as time
> goes on. I would like to see the new JASS project team work with the
> SMF and Install communities/projects to achieve this, with the ultimate
> goal being JASS is no longer a separate component or feature.
>

Makes a lot of sense although I still think "ownership" belongs in the
security community.

> I think we do need a source repository for this but I'm not sure about
> the need for a separate mailing list from security-discuss - in fact
> given that the goal is integration and the amount of work that needs to
> be done with other opensolaris.org communities I think a separate list
> initially would be detrimental to that goal.
>

Agreed. That could always change if the traffic grows enough to sustain a
separate list.

> So: +1
>

+1 as well from my spot in the peanut gallery.

vh

Mads Toftum
--
http://soulfood.dk