Could hold:
issues of encryption
issues of exploits
issues of tips and tricks, howtos to harden the box
SElinux AppArmour and other settings
Tor issues
infos about important fixes
and so on an so forth.
Just an idea.
[as a moderator, I would be concerned about increasing the number of forums – but hey I’m just one opinion. Thanks for the suggestion – let’s see what other think]
Maybe things like backup techniques too? what do you think about that? And maybe permissions issues?
Hi
Why not just rename the security-announcements?
–
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.25-0.1-default
up 2 days 3:33, 2 users, load average: 0.05, 0.03, 0.00
GPU GeForce 8600 GTS Silent - Driver Version: 185.18.14
In my idea permission issues would be pertinent (as they are problematic in unix) but backup I would not include it, as long as you are not thinking about how to store a backup. I think a lot of users choose linux because of concerns of holding control of the own machine, to avoid viral threads, to avoid hijacked machines.
What could hold it too, is howtos and questions about correct email encryption (to little people I know are using Gnupg or sign their emails).
I intend security against abuse, breaking passwords, compromise the integrity of a system, make sure people develop a “secure” mentality. Security is a causal chain if you think of it. A group like this could have the advantage to gather knowledge of different provenience, allowing for more rational searches on the subject.
Thats a list, which can be considered.
One thing from me, there is any solved button in the forum?, when the problem is solved, we can mark the thread as solved. This will benefit other users to see the solution and search for right information. I know, its a tech based. But may be it would be considered. OR may be it is there, but no body is using. then why?.
Is it invisible to click it?.
One thing more, there are sub sections in each section. Lets say, networking has wireless etc etc. When some one post there in wireless section, it is somehow very rare to go there, answer and check. But if the same post is posted under main section in networking… Post will get more replies… Just an idea.
Not sure, its going to take place or not. But we can do the analysis from there.
There is probably more to be had by googling linux security. Even a dedicated website called linuxsecurity.com :).
There is probably more to be had by googling linux security. Even a dedicated website called linuxsecurity.com
Yes and no. The overall PC user with openSUSE on it will look here for first advice (at least we hope this no?).
Generally speaking it is never a problem to have information available, but it is IMHO for the most users a problem to FIND the information they want, spread over the internet and hidden in the redundancy of documentation. Don’t forget the main part will not have a solid background in boolean google searches, right? We have then also consider the opportunity cost of users. It is O.K. to assume a linux user is motivated, but may we really assume they should have “all the time of the world” for searching, extracting, adapting and applying (or learning how to apply) the information that is available on the internet?
What may work for Ubuntu and Debian will maybe not work for openSUSE, what is written generically will maybe not in the range of the average openSUSE user when she/he approaches an issue the first time.
Second thought is that we would avoid redundancies if we would gather the security related threads in one group. A lot of people post twice, three times nearly superposable threads because they do not want / are not able to, find all the pertinent info / threads. And that is often not even a question of not wanting to search but also because of the multitude of subjects chosen by the different authors an a lack of, or because of incorrect tagging.
One thing from me, there is any solved button in the forum?,
I think the solved button question appealing, even more appealing would it be, if the How-to(s) available would be also correct and if they would be updated regularly. For what I have seen recently that does not seem the case. A howto in a newsgroup like this would have the advantage to be easily commented by users for feedback and supplemental advice.
@stakanov
Leaving aside whether those arguments are valid, they could equally apply to any proposed forum subject e.g virtualization, backup and recovery, etc. For a list see the many headings for documents and howto’s in the wiki. The arguments don’t answer the question: Why a separate security section? I expect the administrators wish to avoid a long list of separate subjects.
A howto is the usual way to address frequent posts about the same problem, and I agree that they should be updated. Sometimes, a howto reflects one persons experience with their own system, and isn’t updated or removed to reflect new information from other sources and posts elsewhere in the forum.
Being able to flag posts as solved would be useful, and I think it has been asked about before.
Why a separate security section?
As I argued before, security is, if you think of it, an issue that has two particularities:
a) it is a causal chain, therefore involves a manifold variety of aspects of the OS and therefor the knowledge is easily dispersed.
b) because security is one of the most notable “killer features” compared to competing OSes that cannot (IMHO) compare to the qualities of Linux in this aspect. It would be therefor logic from a technical, to some extend “semantical” as well as of a “marketing” point of view to set a group for security issues and aspects (Honestly I have seen a lot of effort of FUD on declaring Linux unsafe recently, in several websites and articles around there).
c) to avoid inflation of groups there could be either subgroups or, if we want to keep the structure (comprehensible), then one could put the obligation to tag the articles prior being able to post them, so at least searches will make sense (tags could be rightly “security” “networking” ecc. This would make it possible to filter much more efficiently (provided that users will collaborate correctly).
And yes, I DO understand your point: the fear about group inflation.
Hey consused:
>Being able to flag posts as solved would be useful, and I think it has
>been asked about before.
It has and everyone agrees it would be useful IF it were consistently
used. Alas, most people don’t bother to use things like that and the
forum staff keeps busy doing what they are doing now and don’t want to be
tasked with determining if a thread is solved or not then marking it. FWIW.
–
Kim (7/27/2009 2:21:08 PM Mountain)
in my most humble opinion, there is nothing so unique about openSUSE
that individual security needs cannot be easily addressed in the
thousands of generic Linux security how-tos, tutorials, step-by-steps
and etc readily available via a google, or in magazines/books…
and, those items which are unique to openSUSE are covered well
enough (imo) in the ‘official documentation’ that no special user
forum here is needed…for example,
-
under “Official Novell Documentation” click “Novell openSUSE 11.1
Documentation” (or your supported version) -
scroll down and click on “openSUSE 11.1 Security Guide” and get
busy … i guess all possible questions to be fielded in a new,
specialized fora are already answered…
–
brassy
in my most humble opinion, there is nothing so unique about openSUSE
that individual security needs cannot be easily addressed in the
thousands of generic Linux security how-tos, tutorials, step-by-steps
and etc readily available via a google, or in magazines/books…and, those items which are unique to openSUSE are covered well
enough (imo) in the ‘official documentation’ that no special user
forum here is needed…for example
@brassy: thanks for posting and expressing your views, no need to be so humble
What I would like you to note is that your position substantially does not contradict what I am saying. The howto is marvelous and when you have a problem with the implementation where do you go? To this forum I would guess. And where do you search for your help? I the “security group” 
or you just post redundant because of the issues said before.
And I agree there are thousands of dispersed articles around the net. This was the reason for my proposal.
If users would use consistently the tagging feature I would agree on your point. But they don’t as far as I saw using the filter with it.
I agree with stakanov: regardless of the number of written tutorials out there, there is always a place for forums like ours (and IRC too).
> I agree with stakanov: regardless of the number of written tutorials out
> there, there is always a place for forums like ours (and IRC too).
but, his point was that there should be a NEW unnecessarily redundant
http://forums.opensuse.org/security forum
of course, there are others who believe there should be a special
forum for other topics…personally, i’d like to see one called
themes_backgrounds_cubes_effects_eye-candy_etc so i wouldn’t have to
sift through so much of that in install/boot/login and applications fora
but, i don’t expect i’ll get it my way either…
–
brassy
@brassy:
but, his point was that there should be a NEW unnecessarily redundant
http://forums.opensuse.org/security forum
My dear, my point was that I propose for discussion (in which you are taking part) the gathering of security issues (that I feel might be useful for their caracteristics to touch very widespread arguments) in one coherent group **to avoid redundancy. **
I would like you to refrain from supposing what my “point” is, and would rather suggest you to represent YOUR points and argumentation. (Maybe the humble thing was not so bad after all, you should come back on it lol!)
I wasn’t sure, so thanks for clarifying the staff position. Reading between the lines, I have to assume that the implementation effort would not be justified by inconsistent or low usage.
Indeed, it appears to be the case that similar facilities such as category tagging and thread rating are presently used inconsistently, and rarely, as in the case of thread rating. Although in those examples, the involvement of busy staff to mitigate the situation, appears not to be required. Have I missed some technical difference with these facilities, perhaps?
Personally , I hadn’t envisaged busy forum staff having to monitor and apply the solved marker. I thought that OP’s would do that, in the interests of speeding up searches for solved threads, to the benefit of all forum members.
Actually the use of rating is also not a bad idea, but 1stly no body knows, where that button is…its somehow not clear/visible to use.
I think, the solved thread will pull the attention of the users for the search of the right information.
Could you elaborate, that can be read +ve or -ve. Rather than “pull”, did you mean “divert” (-ve in this context maybe). 
Ohhh, maybe i used words without care. I mean +ve. I am a member of some others forums, when a problem is solved, and he/she don’t know about the solved button, we remind them to mark the thread as solved. And it just save a lot of time also for a person, who is going to help. Because when that person see, that post is solved, so he/she don’t bother it and check the others post, if some one in need of help.
Hope i’m clear enough this time.
Thanks, that is clearer and a very positive point.
The solved marker also benefits the helpers, in quickly identifying and avoiding solved threads. That should encourage everyone (not just the staff) to remind OP’s to mark their threads as solved.