Security Portal: OpenSource projects - what I learned from Bastille (and others)
Dec 24, 1999, 17:29 UTC (Other stories by Kurt Seifried)
"Building a Linux distribution is no easy task, and building
a secure Linux distribution is even harder. Bastille Linux originally started out with
the ambitious goal of creating an entirely new distribution, based on Red Hat, that
would be secure (an OpenBSD style project basically). Well it was started, a site
was created, a domain name registered, and mailing lists were created.
Unfortunately it simply didn't generate the kind of community support required for
such an effort (or perhaps fortunately, in retrospect). A deadline had been set of
mid December, the SANS conference, at which Bastille Linux would be "unveiled"
and many CDs handed out to happy administrators. Towards this deadline the
core members of the project probably realized that they would look pretty silly if
they had absolutely nothing to show, so the goal of a complete distribution was
dropped in favor of a hardening script aimed at Red Hat Linux...."
"Good software is like a fine wine, it takes time to mature. If you open it up too soon it tastes horrible, and if you let it sit too
long you might end up with vinegar (although I'm not sure what that last bit has to do with software projects it sounds
good, maybe something to do with bloat). Anything to do with security just compounds the problem since finding bugs in
code and eliminating them takes a lot of work (OpenBSD being an excellent reference point)...."