From owner-freebsd-doc@FreeBSD.ORG Sat Nov 20 03:00:05 2004 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 753C716A4CE for ; Sat, 20 Nov 2004 03:00:05 +0000 (GMT) Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id E818E43D1F for ; Sat, 20 Nov 2004 03:00:03 +0000 (GMT) (envelope-from tillman@seekingfire.com) Received: by mail.seekingfire.com (Postfix, from userid 500) id 82E08193; Fri, 19 Nov 2004 21:00:01 -0600 (CST) Date: Fri, 19 Nov 2004 21:00:01 -0600 From: Tillman Hodgson To: freebsd-doc@freebsd.org Message-ID: <20041120030001.GI61766@seekingfire.com> References: <419E4747.6070001@FreeBSD.org> <419E510B.6020800@elvandar.org> <20041119203338.GF61766@seekingfire.com> <200411200335.56638.max@love2party.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200411200335.56638.max@love2party.net> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . X-GPG-Key-ID: 828AFC7B X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B X-GPG-Key: http://www.seekingfire.com/personal/gpg_key.asc X-Urban-Legend: There is lots of hidden information in headers X-Tillman-rules: yes he does User-Agent: Mutt/1.5.6i Subject: Re: Proposal regarding security chapter X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Nov 2004 03:00:05 -0000 On Sat, Nov 20, 2004 at 03:35:49AM +0100, Max Laier wrote: > On Friday 19 November 2004 21:33, Tillman Hodgson wrote: > > > > Nope, I agree with you. I was proposing to have a network and a host > > (or local, which Tom suggested for a name) chapter. Firewalling > > would be in the network chapter, MAC would be in the local chapter. > > This is now my second-best ideal, though, after the new Section V > > idea. > > MAC is not strictly local or host, it has it's fingers in the netstack > as well. True enough. The Section V idea seems to manage this by avoiding the issue. I often find that good solutions don't solve a problem, they make it no longer relevent ;-) > Since MAC is a complete system to look at security I think it's good > to keep all documentation regarding it in one chapter under the TBD > Security top level chapter. The same is true for Firewalls. Though a > firewall *is* a vital part of "III. System Administration" as well as > "IV. Network Communication" the firewall itself is as system to serve > on purpose: "V. Security". > > I strongly support your point that security is an important topic. > Hence, it should be really easy for new and especially advanced users > to find the information that relates to security. Moreover, it should > be easy to go to a specific subtopic within the security scope - such > as Firewalls->PF ;) or MAC->Biba. It's not effective to go through > several pages just to find these information. I think you're agreeing with me, but I'm not sure ;-) Currently we have: III System Administration -> Security -> MAC -> Biba III System Administration -> Security -> Firewalls -> PF III System Administration -> Security -> Kerberos5 (I'm the Kerberos guy, so I used that as one of the examples ... I have selfish motives too, yanno ;-)). The proposal is to turn this into this: V System Administration -> MAC -> Biba V System Administration -> Firewalls -> PF V System Administration -> Kerberos5 Basically putting all of the security topics on equal footing. This highlights the importance of security, makes individual topics easier to find (and less "deep" in level), I think that you're saying the same thing but I figured it was worthwhile to spell it out explicitly just in case I'm not the only one who was unclear. -T -- Freedom is an elusive concept. Some men hold themselves prisoner even when they have the power to do as they please and go where they choose, while others are free in their hearts, even as shackles restrain them. - Zensunni Wisdom from the Wandering