Security Portal: OpenSource projects - what I learned from Bastille (and others)
Dec 24, 1999, 17:29
(Other stories by Kurt Seifried)
"Building a Linux distribution is no easy task, and building a secure Linux distribution is even harder. Bastille Linux originally started out with the ambitious goal of creating an entirely new distribution, based on Red Hat, that would be secure (an OpenBSD style project basically). Well it was started, a site was created, a domain name registered, and mailing lists were created. Unfortunately it simply didn't generate the kind of community support required for such an effort (or perhaps fortunately, in retrospect). A deadline had been set of mid December, the SANS conference, at which Bastille Linux would be "unveiled" and many CDs handed out to happy administrators. Towards this deadline the core members of the project probably realized that they would look pretty silly if they had absolutely nothing to show, so the goal of a complete distribution was dropped in favor of a hardening script aimed at Red Hat Linux...."
"Good software is like a fine wine, it takes time to mature. If you open it up too soon it tastes horrible, and if you let it sit too long you might end up with vinegar (although I'm not sure what that last bit has to do with software projects it sounds good, maybe something to do with bloat). Anything to do with security just compounds the problem since finding bugs in code and eliminating them takes a lot of work (OpenBSD being an excellent reference point)...."