[Honeywall] Welcome!

Patrick McCarty patrick at setsuid.net
Thu Jun 28 18:24:41 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


We've been talking about this for quite some time.

IMO we need to adopt a supportable platform that will be available for 2+ years that provides the closest environment to our target. (ie: less OS devel for us, more honeynet specific stuff)

12-18 packages is quite a few, but not completely out of the question. (Depending on versioning dependencies, etc)

We've talked about the pipe dream of being able to install a "honeywall package" on top of whatever platform the user desires, but I just don't see that as realistic. We need to be able to control as much of the environment as possible to reduce unknown installation factors and configuration complexity.

Oh, and I really prefer not to pull packages from some other third party repo if we can avoid it. At minimum I'd prefer to repackage them into our own repo.

- -- patrick

On Thu, Jun 28, 2007 at 04:00:42PM -0400, Earl wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Arthur,
> 
> The folding of the Fedora Legacy prject pretty much broke tha
> camells back as far as using FC as our OS since the lifespan is now
> limited to what, 1 year max?
> 
> For historical info, I sort of needed to get 1.2 out fast so going
> from FC3 (roo-1.0/1.1) to FC6 was the best way to go at the time.
> It also had the added bennefit of th efact that RHEL5 which we all
> know the CentOS project would pick up and transform into CentOS5
> was more/less based on FC6 thus setting up a potential transition
> path for roo.
> 
> That being said, I did a package availability test a while back
> that yielded about 12-18 packages that are in roo but not available
> from the CentOS5 branch *at the time*.  I seem to recall them
> stating that they are working on stuff that is tipically found in
> what used to be called FC extras etc. which is where the  missing
> packages come from but have not checked back since then (TODO++).
> 
> I think we need to look closely at lib/app/etc versions currently
> in CentOS5 and attemptt o determine if we cna live with them for
> about 2 years.  If so, see if we have resources available to
> maintain any packages that the Honeywall needs that they do not
> require.  OR, if we can grab them form a RELIABLE source - without
> going through the pain of pulling form multiple repos that we have
> no control over...
> 
> Thoughts?
> 
> 
> Earl
> 
> 
> On Thu, 28 Jun 2007 04:58:41 -0400 Arthur Clune
> <arthur at honeynet.org.uk> wrote:
> >On 28 Jun 2007, at 05:50, Earl wrote:
> >
> >> OS related - init handling, packaging, updating, system health,
> >etc.
> >
> >And 'which OS?'. It looks to me that chasing the moving target
> >that
> >is Fedora creates a lot of work that doesn't add value to the
> >cdrom
> >itself. Moving to a more stable platform (CentOS is the obvious
> >one)
> >would be a one-off hit but would give us a more stable base to
> >work
> >over.
> >
> >The counter argument to this is the same as it always is for
> >'enterprise linux' : if we get to a point where we need more
> >recent
> >libraries etc. than JoesEnterpriseLinux 1.0 provides, we have to
> >move
> >on anyway or make such extensive customisations that it negates
> >the
> >gain.
> >
> >Just chucking the idea out. I know Earl has talked about this in
> >the
> >past as something to look out after 1.2.
> >
> >Arthur
> >
> >--
> >Arthur Clune. UK Honeynet Project. arthur at honeynet.org.uk
> -----BEGIN PGP SIGNATURE-----
> Note: This signature can be verified at https://www.hushtools.com/verify
> Version: Hush 2.5
> 
> wkYEARECAAYFAkaDyxgACgkQk7+e+4lPSm1xmQCguCGKY67rUrMhZgL/sGMiXVuOFMYA
> njZf/vyYBskUdM9QtMWzDnD3IgAi
> =5Mnk
> -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFGhDUopPYocrgNjZgRAmOsAJ0aNe+bsLVLwBCI12LaWltWDVWTZgCfY+pO
Wl2ZBBuC9W4APB/MFKgXP3U=
=h0RE
-----END PGP SIGNATURE-----


More information about the Honeywall mailing list