Subgraph is also based on Debian and is closer to our philosophy of implementing security features (make any security addition to PureOS that doesn't break user workflow or slows down significantly the OS).
Be sure to use this as main bug but break into all little pieces parts that you find interesting.
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | chris.lamb | T310 Check what can be used from Subgraph project | ||
| Resolved | chris.lamb | T503 Enable Exec Shield | ||
| Resolved | chris.lamb | T504 Disable core dumps | ||
| Resolved | chris.lamb | T505 Randomize VA space, etc | ||
| Resolved | chris.lamb | T516 Add pureos-security-hardening to default desktop install | ||
| Wontfix | chris.lamb | T517 Look into moving pureos-security-hardening into Debian |
Seems they do security tightening - not freedom tightening. Mentioning in case others (like me) misunderstood the description of this bug regarding being "closer to our philosophy".
I dislike how Subgraph overrides setting - I strongly recommend that stuff adopted from Subgraph be applied not similar to their packaging but instead pushed upstream into Debian as patches.
Freedom, security, privacy (and anonymity) that don't hamper everyday workflow or slow down to much is the philosophy.
I trust lamby will do adopt and do things correctly for our side.