scope: - will be initially released for VMs (VirtualBox, Qubes, maybe KVM) - "sudo apt-get install hardened-debian-cli" will be possible on bare metal Debian hosts, in other words installations of Debian can be easily converted into Hardened Debian by installing the hardened-debian-cli or other hardened debian package - maybe later available as ISO for installation on hardware depending on community interest and support hardening by default in Hardened Debian version 1: - install haveged by default for better entropy - sdwdate rather than insecure NTP - security-misc (deactivates previews in Dolphin; deactivates previews in Nautilus; deactivates TCP timestamps; deactivates Netfilter's connection tracking helper - open-link-confirmation - enable apparmor by default - available apparmor profiles - hopefully spectre / meltdown resistant by default hardening by default in Hardened Debian version 2: - hardened browser (Tor Browser without Tor) hardening by default in Hardened Debian version 3: - better kernel version usability by default: - https://github.com/Whonix/shared-folder-help - https://github.com/Whonix/usability-misc desktop environment: initially will be available most likely for: - CLI only (console only, no desktop environment) - KDE Later on likely for: - XFCE vision: - computer security community is larger than computer anonymity community - we can work on a shared interest that is security - we apply as many security settings by default - we apply as much as default from - Hardened Debian will be the base for Whonix - Anonymous Operating System (Whonix is applying most of above already anyhow) development status of version 1: - approximately 50% done - meta package "hardened-debian-kde" and "hardened-debian-cli" exist - https://github.com/Whonix/anon-meta-packages/blob/master/debian/control - most packages working (since reused from Whonix) - build script ready (--flavor hardened-debian-kde / --hardened-debian-cli) - builds successfully temporary homepage: https://www.whonix.org/wiki/Hardened_Debian About me: I am the founder and a maintainer of the Debian Linux and Tor based Whonix - Anonymous Operating System. Questions: Are you interested in Hardened Debian? What do you think? What would you like to see? Any suggestions?