So far our efforts on security side have been limited to fixing bugs that could be considered vulnerabilities. That's getting a bit low standard as the industry develops.
These days any public freeciv server ought to run in either a virtual machine dedicated to it, or docker. While those things are something for the admins of the servers to set up, and there should be nothing in freeciv making that even especially hard, we could provide material to guide those admins toward safer server setups.
As the lowest hanging fruit in this, we could provide "standard" Dockerfile for running freeciv server.
Speaking of Docker, that could also ease our long standing issue of part of team always running too old OS to build all the features of the development version freeciv. With a docker build environment with a fresh OS they could at least test that their changes build.
So far our efforts on security side have been limited to fixing bugs that could be considered vulnerabilities. That's getting a bit low standard as the industry develops.
These days any public freeciv server ought to run in either a virtual machine dedicated to it, or docker. While those things are something for the admins of the servers to set up, and there should be nothing in freeciv making that even especially hard, we could provide material to guide those admins toward safer server setups.
As the lowest hanging fruit in this, we could provide "standard" Dockerfile for running freeciv server.
Speaking of Docker, that could also ease our long standing issue of part of team always running too old OS to build all the features of the development version freeciv. With a docker build environment with a fresh OS they could at least test that their changes build.