Earlier I had blogged on a more secure setting that would be suitable for widespread distribution. Such an environment can be created in Gentoo Linux relatively easily, if you're already a Gentoo user. Unfortunately, the learning curve needed for Gentoo is out of the reach of many people, and Gentoo is not always feasible anyway. Other distributions have to take up these enhancements in order to bring them to the average Linux user.
The Hardened Debian project is working towards these goals on Debian. They have more than just PaX and SSP in their goals, and show great promise. Rather than make a Debian-based distribution, they chose to modify the Debian tools and present the results to Debian itself, in the hopes that they would accept and use these modifications. This would bring a more secure environment to a large chunk of the Open Source community.
Ubuntu Linux ties in closely with Debian, not only with the development tools but also with the developer base. There are many Ubuntu developers who are also Debian developers. These distributions are tied closely enough that successful deployment in Debian will most likely be inherited by Ubuntu, and that successful deployment in Ubuntu will most likely cause enough of a stir in Debian for the efforts to move upwards into Debian.
The Ubuntu developers have been promisingly open to security advancements. The focus of the Hardened Debian project now includes Ubuntu Linux; deployment will likely first occur there. This would be good; Ubuntu is on a 6-month release cycle, which means a working release should be out faster than it would be with Debian. This will aid in demonstrating to Debian the advantages of the Hardened Debian efforts, and may even influence the (Sarge+1) release.
So, keep your eyes on Ubuntu. There have been no official announcements, but I have a feeling that the efforts of The PaX Team, Brad/Spender of GrSecurity, Etoh and Yoda, The Adamantix Team, The Hardened Gentoo Team, and The Hardened Debian Team will finally emerge to the average user there. It's either them or Debian.