New category proposal: security

[stakanov]

Could hold:
issues of encryption
issues of exploits
issues of tips and tricks, howtos to harden the box
SElinux AppArmour and other settings
Tor issues
infos about important fixes
and so on an so forth.
Just an idea.

[swerdna]

[as a moderator, I would be concerned about increasing the number of forums -- but hey I'm just one opinion. Thanks for the suggestion -- let's see what other think]

Maybe things like backup techniques too? what do you think about that? And maybe permissions issues?

[malcolmlewis]

Quote:

Originally Posted by swerdna

[as a moderator, I would be concerned about increasing the number of
forums -- but hey I'm just one opinion. Thanks for the suggestion --
let's see what other think]

Maybe things like backup techniques too? what do you think about that?
And maybe permissions issues?

Hi
Why not just rename the security-announcements?

--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.25-0.1-default
up 2 days 3:33, 2 users, load average: 0.05, 0.03, 0.00
GPU GeForce 8600 GTS Silent - Driver Version: 185.18.14

[stakanov]

Quote:

Originally Posted by swerdna

[as a moderator, I would be concerned about increasing the number of forums -- but hey I'm just one opinion. Thanks for the suggestion -- let's see what other think]

Maybe things like backup techniques too? what do you think about that? And maybe permissions issues?

In my idea permission issues would be pertinent (as they are problematic in unix) but backup I would not include it, as long as you are not thinking about how to store a backup. I think a lot of users choose linux because of concerns of holding control of the own machine, to avoid viral threads, to avoid hijacked machines.
What could hold it too, is howtos and questions about correct email encryption (to little people I know are using Gnupg or sign their emails).
I intend security against abuse, breaking passwords, compromise the integrity of a system, make sure people develop a "secure" mentality. Security is a causal chain if you think of it. A group like this could have the advantage to gather knowledge of different provenience, allowing for more rational searches on the subject.

[mmarif4u]

Thats a list, which can be considered.
One thing from me, there is any solved button in the forum?, when the problem is solved, we can mark the thread as solved. This will benefit other users to see the solution and search for right information. I know, its a tech based. But may be it would be considered. OR may be it is there, but no body is using. then why?.
Is it invisible to click it?.

One thing more, there are sub sections in each section. Lets say, networking has wireless etc etc. When some one post there in wireless section, it is somehow very rare to go there, answer and check. But if the same post is posted under main section in networking... Post will get more replies.. Just an idea.
Not sure, its going to take place or not. But we can do the analysis from there.

[consused]

There is probably more to be had by googling linux security. Even a dedicated website called linuxsecurity.com .

[stakanov]

Quote:

There is probably more to be had by googling linux security. Even a dedicated website called linuxsecurity.com

Yes and no. The overall PC user with openSUSE on it will look here for first advice (at least we hope this no?).
Generally speaking it is never a problem to have information available, but it is IMHO for the most users a problem to FIND the information they want, spread over the internet and hidden in the redundancy of documentation. Don't forget the main part will not have a solid background in boolean google searches, right? We have then also consider the opportunity cost of users. It is O.K. to assume a linux user is motivated, but may we really assume they should have "all the time of the world" for searching, extracting, adapting and applying (or learning how to apply) the information that is available on the internet?
What may work for Ubuntu and Debian will maybe not work for openSUSE, what is written generically will maybe not in the range of the average openSUSE user when she/he approaches an issue the first time.

Second thought is that we would avoid redundancies if we would gather the security related threads in one group. A lot of people post twice, three times nearly superposable threads because they do not want / are not able to, find all the pertinent info / threads. And that is often not even a question of not wanting to search but also because of the multitude of subjects chosen by the different authors an a lack of, or because of incorrect tagging.

Quote:

One thing from me, there is any solved button in the forum?,

I think the solved button question appealing, even more appealing would it be, if the How-to(s) available would be also correct and if they would be updated regularly. For what I have seen recently that does not seem the case. A howto in a newsgroup like this would have the advantage to be easily commented by users for feedback and supplemental advice.

[consused]

@stakanov
Leaving aside whether those arguments are valid, they could equally apply to any proposed forum subject e.g virtualization, backup and recovery, etc. For a list see the many headings for documents and howto's in the wiki. The arguments don't answer the question: Why a separate security section? I expect the administrators wish to avoid a long list of separate subjects.

A howto is the usual way to address frequent posts about the same problem, and I agree that they should be updated. Sometimes, a howto reflects one persons experience with their own system, and isn't updated or removed to reflect new information from other sources and posts elsewhere in the forum.

Being able to flag posts as solved would be useful, and I think it has been asked about before.

[stakanov]

@consused

Quote:

Why a separate security section?

As I argued before, security is, if you think of it, an issue that has two particularities:

a) it is a causal chain, therefore involves a manifold variety of aspects of the OS and therefor the knowledge is easily dispersed.

b) because security is one of the most notable "killer features" compared to competing OSes that cannot (IMHO) compare to the qualities of Linux in this aspect. It would be therefor logic from a technical, to some extend "semantical" as well as of a "marketing" point of view to set a group for security issues and aspects (Honestly I have seen a lot of effort of FUD on declaring Linux unsafe recently, in several websites and articles around there).

c) to avoid inflation of groups there could be either subgroups or, if we want to keep the structure (comprehensible), then one could put the obligation to tag the articles prior being able to post them, so at least searches will make sense (tags could be rightly "security" "networking" ecc. This would make it possible to filter much more efficiently (provided that users will collaborate correctly).

And yes, I DO understand your point: the fear about group inflation.

[kgroneman]

Hey consused:

>Being able to flag posts as solved would be useful, and I think it has
>been asked about before.

It has and everyone agrees it would be useful *IF* it were consistently
used. Alas, most people don't bother to use things like that and the
forum staff keeps busy doing what they are doing now and don't want to be
tasked with determining if a thread is solved or not then marking it. FWIW.

--
Kim (7/27/2009 2:21:08 PM Mountain)