[10716] in bugtraq
Re: Bastille Linux amd kha0S Linux
daemon@ATHENA.MIT.EDU (M. Adam Kendall)
Fri Jun 4 13:33:53 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NCBBJGNCENBLMGLBJLAHOEPLDOAA.mak@kha0s.org>
Date: Thu, 3 Jun 1999 20:29:02 -0400
Reply-To: "M. Adam Kendall" <mak@KHA0S.ORG>
From: "M. Adam Kendall" <mak@KHA0S.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990603115333.G121823@gamera.ucs.umbc.edu>
>Finally, there are several other secure Linux projects in development.
>kha0s Linux and the (as-yet-unnamed) Secure Linux distribution project
>coordinated by Le Reseau just starting development and aimed squarely at
>servers, and to build it from the ground up. This is a very important
>project, but it differs from ours in that our system is intended for
>general use by a relatively unschooled public. We plan on closely
>coordinating with the project hosted by Le Reseau (refereed by Rik van
>Riel) as much as possible. The kha0s Linux project appears to be
>dormant, but we will attempt to coordinate with them as well.
This is just to set the record straight on a few things really. This
is not intended to be flame bait and should not be taken as so.
I do know for a fact that the kha0S project is NOT dormant in any way, and
has been releasing very low level base systems for a while now. These
'snapshots' are of very basic linux systems, where all the code has been
audited by hand for vulnerabilities, buffer overflows, et al. All patches
that have been written were forwarded to the maintainers.
Unlike some of the other secure linux distributions that have been cropping
up lately, we have not publicized our efforts one bit for the fact that we
wanted to have a base system to work with before getting the public
involved.
It seems, that we indeed should have publicized our efforts.
Unfortunately, I do not see a merging of any of the projects. As mentioned
by Jon, our efforts have much different goals and a different
implementation.
kha0S has much the same vision as OpenBSD: Audited code, small footprint,
and cryptographic components. We will be source based unlike the other
projects, which seem to be basing themselves off of already established name
brand distribution.
Also, one other thing to note is that unlike the other distributions, we do
have a vision and current course of action, and well thought out plans for
the future of kha0S. We seem to be months ahead of these other projects,
and
if we can help the other projects in any way, we would be willing to do so
without hesitation. It is nice to see that there are others out there that
are concerned with securing linux as much as we are.
Should anyone want to view the three major secure linux projects, the web
sites
listed should give anyone enough information about all of them.
kha0S: http://kha0s.org
Bastille: http://www.bastille-linux.org
Secure Linux?: http://www.reseau.nl/securelinux
I beleive that all three have mailing lists that you can join should you
wish.
Should anyone wish to turn this into a flame war of which approach is
better,
please do it privately: mak@kha0s.org or saf@kha0s.org
M. Adam Kendall Scott Fallin
Project Manager Creator/Development Lead
mak@kha0s.org saf@kha0s.org
