guix-devel

Re: Hardening


From: Ludovic Courtès
Subject: Re: Hardening
Date: Wed, 25 Jan 2017 14:04:28 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Hi!

ng0 <address@hidden> skribis:

> For starters, I think we could have a "hardened-wip" branch on
> savannah (I can't commit anyway directly) and that we can target
> SELinux for now, look at Hardened-gentoo and other systems how
> they solve issues.  Afterwards we need to address the toolchain
> level, which to our advantage can be a make and break by hydra
> and everyone who wants to contribute to fixing issues can run
> their system from the hardening-toolchain-wip branch to
> contribute to fixing all the breaking applications.
>
> Then we need to discuss whether we want to provide this by default
> (my choice) OR if we want to offer a branch-choice model.
> Supporting both vanilla and hardened might take some more burden
> on fixing issues, that's why I'm all for forming a team of people
> who work on this, and when they no longer want to, other people
> join the rest of the old team, etc.

Before creating a branch, I think we need a plan.  :-)

Alex Vong proposed ways to achieve it a while back:

  https://lists.gnu.org/archive/html/guix-devel/2015-12/msg00702.html

I suggest taking a look at the discussion and starting from there.

The best option is probably to start small (limited set of
features/flags/options) and then incrementally improve that.

Ludo’.


