From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1I18Jy-0000EN-0k for garchives@archives.gentoo.org; Wed, 20 Jun 2007 22:06:38 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l5KM5bTb020460; Wed, 20 Jun 2007 22:05:37 GMT Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l5KM3GcY017699 for ; Wed, 20 Jun 2007 22:03:16 GMT Received: from TesterServ.TesterNet ([70.83.102.151]) by VL-MH-MR001.ip.videotron.ca (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005)) with ESMTP id <0JJY00GM3FXFU1U0@VL-MH-MR001.ip.videotron.ca> for gentoo-dev@lists.gentoo.org; Wed, 20 Jun 2007 18:03:16 -0400 (EDT) Received: from uucp by TesterServ.TesterNet with local-rmail (Exim 4.63) (envelope-from ) id 1I18Gh-0006YH-EQ for gentoo-dev@lists.gentoo.org; Wed, 20 Jun 2007 18:03:15 -0400 Received: by TesterTop3.tester.ca (Postfix, from userid 1000) id 8CBDC4A4034; Wed, 20 Jun 2007 18:02:45 -0400 (EDT) Date: Wed, 20 Jun 2007 18:02:45 -0400 From: Olivier =?ISO-8859-1?Q?Cr=EAte?= Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages In-reply-to: <200706201719.01571.vapier@gentoo.org> To: gentoo-dev@lists.gentoo.org Message-id: <1182376965.12859.7.camel@localhost> Organization: Gentoo Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-version: 1.0 X-Mailer: Evolution 2.8.3 Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-JFxg+j3zYZJunUicUvir" References: <200706200047.04951.vapier@gentoo.org> <200706201654.35042.vapier@gentoo.org> <20070620220142.629252a4@snowflake> <200706201719.01571.vapier@gentoo.org> X-Archives-Salt: 5d957e13-9729-4e5a-9514-63ccb7eb0713 X-Archives-Hash: 8d211d9082bde546bb5fac8c7aea7a60 --=-JFxg+j3zYZJunUicUvir Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On Wed, 2007-20-06 at 17:19 -0400, Mike Frysinger wrote: > On Wednesday 20 June 2007, Ciaran McCreesh wrote: > > On Wed, 20 Jun 2007 16:54:34 -0400 > > > > Mike Frysinger wrote: > > > On Wednesday 20 June 2007, Ciaran McCreesh wrote: > > > > Mike Frysinger wrote: > > > > > being able to generate binary packages that actually reflect the > > > > > live $ROOT is desirable > > > > > > > > Is being able to generate redistributable binary packages that > > > > reflect the live ROOT desirable? > > > > > > that's a feature that exists now that there's no reason to > > > disable ... not that it can be disabled > > > > I'm not suggesting forcibly disabling it, merely marking binary > > packages as "designed for distribution" or "not designed for > > distribution", not accepting the latter on other systems and > > requiring explicit user action to turn the latter into the former. > > > > The specific underlying question being, what are the use cases for > > binary packages? >=20 > the use of the binpkg is not an issue, it's the creation ... people blind= ly=20 > creating tbz2's which could contain their sensitive files and posting the= m >=20 > i'll just go ahead with the feedback from Olivier and have quickpkg skip=20 > CONFIG_PROTECT by default This will by default create potentially broken packages (since many just wont work without their CONFIG_PROTECTed files). That's why I suggested a big fat warning and accepting that we can't protect users against themselves or against social engineering (aka their own stupidity). --=20 Olivier Cr=C3=AAte tester@gentoo.org Gentoo Developer --=-JFxg+j3zYZJunUicUvir Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQBGeaQFHTiOWk7ZorsRAk3WAJ0Q/vcuBfwy8nE4l8nB0joMI6Jd9QCfW98L n3l6EfucGVIR5azamxps3Ug= =Givm -----END PGP SIGNATURE----- --=-JFxg+j3zYZJunUicUvir-- -- gentoo-dev@gentoo.org mailing list