> On Sat, Sep 22, 2007 at 11:34:33AM -0400, Douglas A. Tutty wrote:
> > Linux has SELinux in its 2.6 kernel and debian has gone ahead and
> > compiled SELinux into the libraries, although the SELinux policies
> > aren't ready on debian yet. The whole focus seems to be to make Linux
> > "more secure". I'm not sure what to make of it. I figure that if you
> > want secure, you switch to OBSD.
> >
> > Could someone who knows both the details of OBSDs security enhancements
> > and the details of SELinux comment?
>
> I don't know all the details, and especially not the SELinux details,
> but that won't stop me from commenting.
>
> Not long ago I was talking with a Linux person about security, and they
> pointed me to a set of patches that did a lot of nifty stuff. Good
> stuff, like the things you find OpenBSD doing. But it's not in the
> mainline kernel, it's a set of patches.
>
> Security should not be grafted on, it should be integrated into the
> main development process. I'm sure the patch maintainers are doing their
> best, but this doesn't change the fundamental flaw in the process. It's
> not a flaw of their making, it's inherent in the situation. But it's
> still a flaw.
>
> Compare that to a complete operating system (OpenBSD) where security is part of
> code quality, and part of the normal mainline development.
>
> --
> Darrin Chandler | Phoenix BSD User Group | MetaBUG
>
dwchandler@stilyagin.com |
http://phxbug.org/ |
http://metabug.org/
>
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
