From owner-freebsd-doc@FreeBSD.ORG  Sat Nov 20 02:35:39 2004
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DB37016A4CE
	for <freebsd-doc@freebsd.org>; Sat, 20 Nov 2004 02:35:38 +0000 (GMT)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.171])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3D9CD43D48
	for <freebsd-doc@freebsd.org>; Sat, 20 Nov 2004 02:35:38 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from [212.227.126.160] (helo=mrelayng.kundenserver.de)
	by moutng.kundenserver.de with esmtp (Exim 3.35 #1)
	id 1CVL68-0001Lo-00; Sat, 20 Nov 2004 03:35:36 +0100
Received: from [84.128.130.104] (helo=donor.laier.local)
	by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.35 #1)
	id 1CVL68-0000K0-00; Sat, 20 Nov 2004 03:35:36 +0100
From: Max Laier <max@love2party.net>
To: freebsd-doc@freebsd.org
Date: Sat, 20 Nov 2004 03:35:49 +0100
User-Agent: KMail/1.7.1
References: <419E4747.6070001@FreeBSD.org> <419E510B.6020800@elvandar.org>
	<20041119203338.GF61766@seekingfire.com>
In-Reply-To: <20041119203338.GF61766@seekingfire.com>
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart4352230.lrONRM7I4I";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200411200335.56638.max@love2party.net>
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	auth:61c499deaeeba3ba5be80f48ecc83056
Subject: Re: Proposal regarding security chapter
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Nov 2004 02:35:39 -0000

--nextPart4352230.lrONRM7I4I
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Friday 19 November 2004 21:33, Tillman Hodgson wrote:
> On Fri, Nov 19, 2004 at 09:01:15PM +0100, Remko Lodder wrote:
> > Tillman Hodgson wrote:
> > >"Firewall", by itself, doesn't feel like an intuitive place to split
> > >topics to me (aside from the convenience of its size).  However, I
> > >can see a natural split between network security and host security.
> > >In that scenario, MAC would become the largest portion of the host
> > >security chapter.
> > >
> > >That still leaves security with 2 chapters, unfortunately. It only
> > >addressed the page count balance between the two chapters.
> >
> > Well, i had a tiny little discussion on EFNet on our docs channel
> > (#bsddocs) and there is another suggestion to make a section V for
> > security and place all security related stuff in there like
> > MAC,Firewalls,Secure system stuff (or whatever it should be named).
>
> I like this idea the best.
>
> Ok, granted, in one of aspects I'm a security consultant and so I'm a
> /little/ biased as to it's importance, but there's a practical benefit
> as well: Each topic gets it's own chapter. And, seriously, some of the
> Security sub-chapters suffer from too-many-sub-level-itis. This would
> alleviate a lot of that.
>
> > I do not think that it's good to place Firewall and Mac into one
> > chapter. But that's perhaps a bit of taste :)
>
> Nope, I agree with you. I was proposing to have a network and a host (or
> local, which Tom suggested for a name) chapter. Firewalling would be in
> the network chapter, MAC would be in the local chapter. This is now my
> second-best ideal, though, after the new Section V idea.

MAC is not strictly local or host, it has it's fingers in the netstack as=20
well. Since MAC is a complete system to look at security I think it's good =
to=20
keep all documentation regarding it in one chapter under the TBD Security t=
op=20
level chapter. The same is true for Firewalls. Though a firewall *is* a vit=
al=20
part of "III. System Administration" as well as "IV. Network Communication"=
=20
the firewall itself is as system to serve on purpose: "V. Security".

I strongly support your point that security is an important topic. Hence, i=
t=20
should be really easy for new and especially advanced users to find the=20
information that relates to security. Moreover, it should be easy to go to =
a=20
specific subtopic within the security scope - such as Firewalls->PF ;) or=20
MAC->Biba. It's not effective to go through several pages just to find thes=
e=20
information.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart4352230.lrONRM7I4I
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBBnq2MXyyEoT62BG0RAmkAAJ0ch6jru6LxXXl9/I0JP6myGL4WWwCcCoJA
0D+LjnL4StA5HgKSw56eZl8=
=6Z3X
-----END PGP SIGNATURE-----

--nextPart4352230.lrONRM7I4I--