Debian being what it is, are there any reasons why the debian bind package should not be chroot as the default instalation?I recall there being discussion a while back about packaging chroot bind. I don't know whether or not anything came of it at all. There is
One thing that might be a good idea, would be a security review of the main debian packages. It's probably beeing done for some already, but I would guess a lot of debian packages could benefit from even stricter default setups. For example, maybe libsafe should be default inn all installs.
I know this would take some time to implement, but I think it would help the image of debian and linux over time. I'm often frustrated that the big distros (rh, mandrake) doesn't do more to harden their distros. For example the default install of ssh in RH still provides both ssh1 and ssh2 & root login.
I know this is a rant, but maybe it would be wise to think of a way to implement this. At least, put more deamons in chroot jails and get libsafe compiled into every package.
Tarjei