Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
From: Olivier Crête
To: gentoo-dev@lists.gentoo.org
Date: Wed, 20 Jun 2007 09:04:40 -0400
In-Reply-To: <200706200047.04951.vapier@gentoo.org>
Message-Id: <1182344680.7336.18.camel@TesterBox.tester.ca>

On Wed, 2007-20-06 at 00:47 -0400, Mike Frysinger wrote:
> there are many files out there that contain critical information about your
> system ...
> however, there are certainly cases where the admin fully knows what they're
> doing and they want to create a binary package of their system with these
> sensitive files ... so where to meet in the middle.
> any other potential ideas ? (pretend my idea here isnt the greatest thing
> since Robot Chicken)

I will claim that almost any file in /etc is potentially sensitive (even if
it does not contain passwords, it may contain other information interesting
to a cracker). And even if we did what you propose, we'd run the risk of
missing some and giving the user a false sense of security.

Maybe we should document somewhere that the only way to make bin pkgs that
are safe for public distribution is to do emerge -b or -B ... And that pkgs
built with quickpkg may contain sensitive information.

-- 
Olivier Crête
tester@gentoo.org
Gentoo Developer
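The thread's point is that a package captured from a live system (quickpkg) can carry host-specific configuration and secrets that a from-source build (emerge -b/-B) never sees. The following is an added example, not code from this thread or from Portage: a small audit that walks the tar portion of a binary package and reports members that should not leave the host. It assumes a plain tar archive (a real .tbz2 carries an xpak metadata trailer after the compressed stream, which is not handled here), and the path prefixes, name tokens and the sample package it builds are constructed for illustration.

```python
import io
import os
import stat
import tarfile

# Heuristics, constructed for this example: paths that are host state rather
# than build output, and name fragments that commonly denote secrets.
HOST_STATE_PREFIXES = ("etc/", "root/", "home/", "var/lib/")
SECRET_NAME_TOKENS = ("shadow", "passwd", "sudoers", "secret", ".key", ".pem")


def _normalize(name):
    """'./etc/x' or '/etc/x' -> 'etc/x', so prefix checks are uniform."""
    return os.path.normpath(name).lstrip("/")


def audit_binpkg(tar_bytes):
    """Return {path: [reasons]} for archive members that look host-specific
    or secret-bearing.  Members with no findings are omitted."""
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            path = _normalize(member.name)
            reasons = []
            if path.startswith(HOST_STATE_PREFIXES):
                reasons.append("host-config path")
            if any(tok in path.lower() for tok in SECRET_NAME_TOKENS):
                reasons.append("secret-like name")
            if member.isfile():
                # Owner-only readable files are the usual shape of a secret.
                if not member.mode & (stat.S_IRGRP | stat.S_IROTH):
                    reasons.append("owner-only permissions")
                # Cheap content probe: PEM private key header in the first 4 KiB.
                head = tf.extractfile(member).read(4096)
                if b"PRIVATE KEY-----" in head:
                    reasons.append("PEM private key content")
            if reasons:
                findings[path] = reasons
    return findings


def _add(tf, name, data, mode):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    info.mode = mode
    info.mtime = 0
    tf.addfile(info, io.BytesIO(data))


def build_sample_pkg():
    """Constructed stand-in for a quickpkg-style archive: one build artifact
    plus two files that only exist because they were copied off a live host."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        _add(tf, "./usr/bin/foo", b"#!/bin/sh\necho hi\n", 0o755)
        _add(tf, "./etc/foo.conf", b"listen = 0.0.0.0:8080\n", 0o644)
        _add(tf, "./etc/foo/server.key",
             b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-NOT-A-REAL-KEY\n"
             b"-----END PRIVATE KEY-----\n", 0o600)
    return buf.getvalue()


if __name__ == "__main__":
    for path, reasons in sorted(audit_binpkg(build_sample_pkg()).items()):
        print("%-24s %s" % (path, ", ".join(reasons)))
```

Run against a package produced from a clean DESTDIR the report is empty, which is exactly the property the reply attributes to emerge -b/-B; run against a quickpkg archive it lists the /etc payload so the admin can decide before publishing. The permission and PEM checks are there because a pathname list alone misses secrets stored outside /etc, which is the "we'd run the risk of missing some" concern above.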