[PureOS] Bits from PureOS | Sharks!

Jeremiah C. Foster jeremiah.foster at puri.sm
Tue Jul 30 12:16:50 PDT 2019


On Tue, 2019-07-30 at 09:50 -0300, Chris Lamb wrote:
> Dear all,
> 
[..]

> > Other security topics perhaps ought to be discussed privately and I
> > intend to kick off the topic with stakeholders.
> 
> A quick thought: whilst the specific details of this might be more
> suitable for some initial discussions to be held «in camera» would it
> be appropriate to briefly outline the very approximate areas in a
> security or politically sensitive way?

Yes, I think so. Thanks for the suggestion. A high-level outline of
topics I'd like to see addressed are;

1. How will we use the Security mailing list we now have? Is it to be
used in the same manner as the Debian Security list? Or are we going to
address PureOS specific security issues? What are the expecatations for
embargos (if any)?

2. Do we have a policy for server setup with regard to authentication
and authorization? Examples: no root ssh logins, password-less logins,
ssh key size and cipher, etc. These policies are meant for the PureOS
infrastructure which hopefully will not host user data (so no immediate
need for GDPR audit, etc.)

I welcome other input, this is what comes to mind at the moment.

Regards,

Jeremiah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part
URL: <http://lists.puri.sm/pipermail/pureos-project/attachments/20190730/cea379b6/attachment.sig>


More information about the Pureos-project mailing list