Standardizing on Security

Standardizing on Security
Hal Flynn, 2004-01-14

The Linux standards group publishes 565 pages of data describing a standards-compliant Linux package. So why aren't any of them about security?

Expand all | Post comment

Standardizing on Security 2004-01-15
Anonymous

Would a standard enhance, or retard security? 2004-01-15
Anonymous

Standardizing on Security 2004-01-16
Anonymous

Bring in the zealots. 2004-01-16
Anonymous (1 replies)

Bring in the zealots. 2004-01-19
Anonymous

Fedora Core release 2 2004-01-16
Jared Robinson

Standardizing on Security 2004-01-16
Anonymous

Standardizing on Security 2004-01-17
Anonymous (1 replies)

You are right about "linux zealots" bashing Hal mercilessly, as I am about to do. Linux, as an operating system, is not some monolithic piece of corporate code that one can easily "standardize" because nobody owns the code. It is the nature of linux to allow users to customize the kernel and applications to meet their needs. If security is important to you, you can tighten your build to meet your specs. If not, you don't have to. That is the beauty of Linux. Otherwise, why not just use OpenBSD? I think that the author really means "make linux as secure as possible out of the box so n00bs can install and use without bothering to secure it themselves". Anybody using Linux should have enough expertise to secure the OS, and if not, they shouldn't be using it.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/207/24416#24416

Standardizing on Security 2004-01-19
Anonymous

Hal would be right... 2004-01-19
Anonymous

Standard Argument 2004-01-19
Anonymous

Standardizing on Security 2004-01-21
blacklight

Standardizing on Security 2004-01-21
Anonymous