>Finally, there are several other secure Linux projects in development. >kha0s Linux and the (as-yet-unnamed) Secure Linux distribution project >coordinated by Le Reseau just starting development and aimed squarely at >servers, and to build it from the ground up. This is a very important >project, but it differs from ours in that our system is intended for >general use by a relatively unschooled public. We plan on closely >coordinating with the project hosted by Le Reseau (refereed by Rik van >Riel) as much as possible. The kha0s Linux project appears to be >dormant, but we will attempt to coordinate with them as well. This is just to set the record straight on a few things really. This is not intended to be flame bait and should not be taken as so. I do know for a fact that the kha0S project is NOT dormant in any way, and has been releasing very low level base systems for a while now. These 'snapshots' are of very basic linux systems, where all the code has been audited by hand for vulnerabilities, buffer overflows, et al. All patches that have been written were forwarded to the maintainers. Unlike some of the other secure linux distributions that have been cropping up lately, we have not publicized our efforts one bit for the fact that we wanted to have a base system to work with before getting the public involved. It seems, that we indeed should have publicized our efforts. Unfortunately, I do not see a merging of any of the projects. As mentioned by Jon, our efforts have much different goals and a different implementation. kha0S has much the same vision as OpenBSD: Audited code, small footprint, and cryptographic components. We will be source based unlike the other projects, which seem to be basing themselves off of already established name brand distribution. Also, one other thing to note is that unlike the other distributions, we do have a vision and current course of action, and well thought out plans for the future of kha0S. We seem to be months ahead of these other projects, and if we can help the other projects in any way, we would be willing to do so without hesitation. It is nice to see that there are others out there that are concerned with securing linux as much as we are. Should anyone want to view the three major secure linux projects, the web sites listed should give anyone enough information about all of them. kha0S: http://kha0s.org Bastille: http://www.bastille-linux.org Secure Linux?: http://www.reseau.nl/securelinux I beleive that all three have mailing lists that you can join should you wish. Should anyone wish to turn this into a flame war of which approach is better, please do it privately: makat_private or safat_private M. Adam Kendall Scott Fallin Project Manager Creator/Development Lead makat_private safat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:12 PDT