Check what can be used from Subgraph project
Closed, ResolvedPublic

Description

Subgraph is also based on Debian and is closer to our philosophy of implementing security features (make any security addition to PureOS that doesn't break user workflow or slows down significantly the OS).

Be sure to use this as main bug but break into all little pieces parts that you find interesting.

https://github.com/subgraph

Seems they do security tightening - not freedom tightening. Mentioning in case others (like me) misunderstood the description of this bug regarding being "closer to our philosophy".

I dislike how Subgraph overrides setting - I strongly recommend that stuff adopted from Subgraph be applied not similar to their packaging but instead pushed upstream into Debian as patches.

Freedom, security, privacy (and anonymity) that don't hamper everyday workflow or slow down to much is the philosophy.
I trust lamby will do adopt and do things correctly for our side.

chris.lamb triaged this task as "Wishlist" priority.Jun 4 2018, 10:30 AM
zlatan.todoric raised the priority of this task from "Wishlist" to "Needs Triage".Jun 21 2018, 6:06 PM
chris.lamb triaged this task as "Normal" priority.Jun 29 2018, 5:39 PM

Alternatives to the subgraph firewall might include https://douaneapp.com/

Another firewall alternative: https://www.opensnitch.io/

chris.lamb closed subtask T504: Disable core dumps as "Resolved".
chris.lamb closed subtask T505: Randomize VA space, etc as "Resolved".

Tempted to close this issue as there is no clear "next action". Any objections?

chris.lamb closed this task as "Resolved".Sep 10 2018, 8:38 AM

Resolving.

Add Comment