Date: Fri, 19 May 2006 00:54:14 +0100
From: Ciaran McCreesh
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Signing everything, for fun and for profit

On Fri, 19 May 2006 01:53:29 +0200 "Kevin F. Quinn" wrote:
| obviously header.txt and skel.* aren't important. scripts isn't too
| important either, although a manifest-style file in there wouldn't be
| difficult. licenses and metadata don't have any security impact so
| there's little point there, also.

metadata has security impact.

| do profiles present a security risk? Perhaps by masking/unmasking
| fixed/vulnerable versions of packages. Or by using a bashrc, perhaps?

Profiles most definitely do have security impact.

--
Ciaran McCreesh
Mail : ciaran dot mccreesh at blueyonder.co.uk
--
gentoo-dev@gentoo.org mailing list