[Security_sig] Posing a new question

Mary Edie Meredith maryedie at osdl.org
Thu Sep 15 13:21:16 PDT 2005 

As Chris' minutes on todays SIG call reflect, we brainstormed some ideas
to possibly circumvent the documentation effort.  The thought proposed
was to just list the main capabilities (5-10 to start would be fine)
desirable for Linux.  That list was the goal of the effort anyway. 

As a first stab, some agreed to report back their list of important DCL
security capabilities. So I'd like to pose this question to the entire
group.  Here are the DCL priorities that I hope will help:

DCL has focused on "Enterprise" concerns, servers (not clients), and
also on ISV (application) issues, as we need software supported on Linux
to provide solutions.   For a good description of the server types and
their environments, see the use cases we produced from Ed' initial
descriptions at:
http://developer.osdl.org/dev/security/docs/
under the heading "Use Cases developed by the SIG".

DCL has avoided addressing specifically the needs of the government
sector, as other organizations are addressing that.  However, where the
needs overlap, obviously we care.

High on the priority list are security gaps unique to Linux.
Non-technical issues apply (e.g. legal roadblocks, ease of use,
documentation).  Of high importance are gaps unique to Linux, gaps with
respect to mature UNIX OSs (Solaris), and (longer term) gaps with
respect to Microsoft solutions.  

>From the developers stand-point, a 6 month to 1 year outlook works best.
But from a Linux longevity standpoint, more strategic or longer term
problems matter as well.  So we thought about investigating some of the
issues raised by Alan Cox recently:
http://www.oreillynet.com/pub/a/network/2005/09/12/alan-cox.html

Anyway, please go over the use cases and submit 
-the capabilities that you think are important in this space, 
-some description of their importance (in your view), 
-current maturity, 
-and what progress is being made (anything you can share, that is). 
 A few items were mentioned in the minutes to give you some ideas.

Go forth and multiply!

-- 
Mary Edie Meredith
Initiative Manager
Open Source Development Labs
maryedie at osdl.org
503-906-1942

More information about the security_sig mailing list