On Wed, 27 Apr 2005, Thomas Jones wrote:
> What about a documentation suite entitled --- Fedora Security Series?
> Here's a brief vision statement.
> The purpose of the series is to provide a security-related orientation
> of a great multitude of topics and how they relate to the Fedora
> distribution and its role in a network infrastructure.
> For instance, the first couple topics that I would like to write would be:
> - Risk Assessment of a Fedora Core Installation Scheme
> - Risk Analysis of an Desktop Installation
> - Risk Analysis of an Server Installation
> - Policy Development in a Multiuser System
> - etc......
> As you can see, the topics are sequential in structure. Which alleviates
> any issues due to end-user initiated problems.
> i.e. in order to develop a complete operating system risk analysis and
> determine a control solution(s); you must first perform the risk
> assessment to determine probable threat agents, and safeguards
> The intended audience would be Power-Users, and individuals with
> Information Technology experience. However, with a good content model it
> should be easily understood by the general user.
> This series should be authored by individuals with relevant security
> experience. They don't need to be CISSP certified; just have first hand
> knowledge of the topic.
> I am inclined to get the series started in the right direction; so I
> would like to write the first few topics for a good base. Then it's up
> to the community!
> These should all be included in a series of related themes.
> I can start the first topic as soon as the community accepts the idea. I
> personally think this is great idea (of source I would!); but don't want
> to work on this idea; if it undermines the ideas of other team members.
On Wed, 2005-04-27 at 19:28 -0400, Elliot Lee wrote:
You don't need any approval from anyone - if it is something you
excited about, just go ahead and do it! :-) If turns out to be valuable to
others, that will be self-evident when you publicize the results of your
writing to the Fedora community.
As far as continuing the project goes, I'm not sure how many people out
there would be willing to do the work besides yourself (it's not just
something you can drop on people's laps and expect them to keep
maintaining). But don't let that stop you from taking on the challenge and
seeing where things go - there's little downside :)
Charles Heselton (tuxxer) on this list has begun a "Fedora Hardening"
tutorial with which you might be inclined to assist. He is working on
at least a couple documents, and may appreciate the help! I think
having a team of security writers would be a great thing, provided the
work can be scoped to do the following:
(1) accommodate frequent maintenance based on Fedora Core's rapid
(2) be Fedora-specific enough to give value over some of the other more
standardized security guides; and
(3) survive contributor churn.
Regardless of whether you choose to work on the Fedora Hardening
document, why don't you choose one of the topics you list for a tutorial
(article format), and begin with a barebones draft. That would be a
great way to introduce your vision for the series. Once you're happy
enough with it to bring it on-list, just post a link for comments.
You will probably want to read the current Quick Start Guide:
There's a bit of dust while we make building improvements, but this
should help you get your feet wet. (Pardon the mixed metaphor, I have
to go put the kids to bed!) Thanks, and we're looking forward to your
Paul W. Frields, RHCE http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
Fedora Documentation Project: http://fedora.redhat.com/projects/docs/