From: Matthias Schwarzott
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
Date: Wed, 20 Jun 2007 15:15:20 +0200
Message-Id: <200706201515.20684.zzam@gentoo.org>

On Wednesday, 20 June 2007, Olivier Crête wrote:
>
> I will claim that almost any file in /etc is potentially sensitive (even
> if it does not contain passwords, it may contain other information
> interesting to a cracker). And even if we did what you propose, we'd run
> the risk of missing some and giving the user a false sense of security.
>
> Maybe we should document somewhere that the only way to make bin pkgs
> that are safe for public distribution is to do emerge -b or -B .. And
> that pkgs built with quickpkg may contain sensitive information.

If there is smart conf-file updating inside pkg_preinst(), I think even
emerge -b could be unsafe.

Matthias

-- 
Matthias Schwarzott (zzam)