[616] in linux-security and linux-alert archive
[linux-security] Secure Linux Project
daemon@ATHENA.MIT.EDU (David J Meltzer)
Tue Feb 27 05:39:02 1996
Date: Tue, 27 Feb 1996 03:09:14 -0500 (EST)
From: David J Meltzer <davem+@andrew.cmu.edu>
To: Outbound News
<outnews+netnews.comp.os.linux.development.system@andrew.cmu.edu>,
Outbound News
<outnews+netnews.comp.os.linux.misc@andrew.cmu.edu>,
linux-security@tarsier.cv.nrao.edu
Cc: David J Meltzer <davem+@cmu.edu>
The overwhelming problem with security under linux is the lack of a cohesive
effort by any of the distribution maintainers to actively ensure the security
of any of the packages that are included within it.
The generally determined role of the distributions as well as mailing
lists are to passively wait until security holes are revealed by some
external source
before taking any sort of action. To what degree their response is successful
and speedy is certainly an important point to note, but it really adds little
to the security of the system over the long-term; it is only relevant to an
admin as to whether he needs to be concerned with that problem for that day or
week before an official fix is in order. The emergency response mode of
operations for these mailing lists and maintainers is certainly a necessity,
but it is also not the solution to making linux secure in the long-term.
The real solution for making linux a viable choice for a secure computing
environment is to take an active role in ensuring the security of it. I have
spent a great deal of of my own time in making a personal effort to improve
security, but it is clear that this is not a lone effort. But with the
spirit upon which Linux has become what it is, together we can work to
protect it.
Linux is built upon the idea of people working together to build as
high quality free operating system as possible, and it is time that one of
those goals be to actively make it a secure operating system. It is with
this idea in mind that I now announce the formation of the Secure Linux
Project.
/* David J Meltzer */
/* davem@cmu.edu */
[Mod: Announcement follows in a separate message. --Jeff.]
