Date: Mon, 22 Nov 2004 08:47:27 -0600 From: Tillman Hodgson <tillman@seekingfire.com> To: freebsd-doc@freebsd.org Subject: Re: Proposal regarding security chapter Message-ID: <20041122144727.GY61766@seekingfire.com> In-Reply-To: <20041122005112.GA73187@freebsdmall.com> References: <419E4747.6070001@FreeBSD.org> <419E510B.6020800@elvandar.org> <20041119203338.GF61766@seekingfire.com> <200411200335.56638.max@love2party.net> <20041120030001.GI61766@seekingfire.com> <20041122005112.GA73187@freebsdmall.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Nov 21, 2004 at 04:51:12PM -0800, Murray Stokely wrote: > On Fri, Nov 19, 2004 at 09:00:01PM -0600, Tillman Hodgson wrote: > > V System Administration -> MAC -> Biba > > V System Administration -> Firewalls -> PF > > V System Administration -> Kerberos5 > > I think you mean 'Security' here. As in a new Security <part>, rather > than two <parts> named 'System Administration'. Yes. > > Basically putting all of the security topics on equal footing. This > > highlights the importance of security, makes individual topics easier to > > find (and less "deep" in level), > > Adding a new part and pushing the total chapter count to 30 is going > to remove some of "easier to find" justification. I find that a finely-grained ToC is generally more useful, *especially* in a reference manual. > This would also move content about SSH and MAC away from chapters > about NIS, Unix accounts, other network services, etc. I don't have a problem with that. MAC has its own chapter and there's a proposal to make Firewalls its own chapter. I think that this trend will continue as more detailed documentation is written about the various security topics. As a hypothetical end user looking for Security information, if I look in III System Administration -> Security I'm no longer getting the whole picture. It's become a "Where's Waldo?" adventure :-) > I like the original suggestion best: moving the firewall (and OpenSSH > sections) out of security and into the Network Services <part>. > Network Services is our newest part, and the System Admin part has > twice as many chapters as the Network Services <part>. We should just > continue the work that began this summer of moving the network bits > out of the general System Administration part and into the Network > Services part. That's what it was created for. iI agree with you as far as network services are concerned. However, I think that Security is a different topic than network services (albeit with some overlap). I guess my concern boils down to this: A hypothetical user who wants to learn about security w.r.t FreeBSD *but doesn't yet know the right buzzwords* doesn't have a place to look. They might be able to pick it up by osmosis if they read two of the largest sections of the Handbook, but I don't consider that a good solution. I admit to bit of bias in this area. In another of my aspects I'm a security consultant so I tend to advocate making security information as prominent and accessible as possible. > I don't think adding another <part> for Security issues is a logical > division point with just two candidate chapters at this point. Perhaps poor communication on my part, as I wasn't proposing to create a new <part> for only two chapters. Most of the sub-chapters within the existing Security chapter could easily be promoted to full chapters. For example, I have a patch for Kerberos5 being reviewed (hopefully ;-)) that will, as a by-product of covering more sub-topics, expand the sub-chapter by a noticable amount. My plan is to next write a second patch to cover the use of OpenSSH in a Kerberos environment. At that point it'll be almost unwieldy as a sub-chapter. I believe that it would be much better organized if it was a chapter rather than a subchapter -- it's now organized into broad section that would work well in that format, and when I see headings like "14.8.1.2.1" it's starting to resemble SNMP OIDs ;-) > Security topics are integral to both System Administration and Network > Services, and we shouldn't remove security information from those > parts to make a new one. Or, from a security guys point of view, security topics transcends both system administration and network services and we shouldn't be burying the security information ;-) > All of these proposals seem to have two things in common : > > 1. The security chapter is too big. > 2. The firewalls information should go into a separate chapter. I'd add: 3. Some of the security chapter sub-chapters are getting awfully large for the format 4. Making security information prominent and detailed is a worthwhile goal for the Handbook > Moving a chapter between parts is easy. So how about splitting out > the firewall content into a new 'firewalls/chapter.sgml' file, and > then temporarily adding this into the Network Services part. > > If it turns out that people do feel there is enough content for a > whole new <part> dedicated to security, then it will just be a one > line diff to move the firewalls chapter from the network <part> to a > new security <part>. Sure, I have no problems with interim solutions. It's the same work either way, and "results trump theory" :-) - Tillman -- | <- You must be smarter than this stick to ride the Internet -- Mike Handler, paraphrased from Bev White
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041122144727.GY61766>