On Wednesday 20 June 2007, Olivier Crête wrote:
> On Wed, 2007-20-06 at 00:47 -0400, Mike Frysinger wrote:
> > there are many files out there that contain critical information about
> > your system ...
> >
> > however, there are certainly cases where the admin fully knows what
> > they're doing and they want to create a binary package of their system
> > with these sensitive files ... so where to meet in the middle.
> >
> > any other potential ideas ?  (pretend my idea here isnt the greatest
> > thing since Robot Chicken)
>
> I will claim that almost any file in /etc is potentially sensitive (even
> if it does not contain passwords, if may contain other informations
> interesting to a cracker). And even if we did what you propose, we'd run
> the risk of missing some and giving the user a false sense of security.

dont limit yourself to /etc, we're really talking CONFIG_PROTECT ... i wanted 
to avoid that large envelop as there are plenty of files in there which would 
never be of concern (mime.types?), but perhaps it's the only sane way to 
go ... we say anything that is CONFIG_PROTECT-ed is (by nature) potentially 
sensitive rather than expanding the ebuild API to have ebuild writers 
explicitly mark things ...

> Maybe we should document somewhere that the only way to make bin pkg
> that are safe for public distribution is to do emerge -b or -B .. And
> that pkgs built with quickpkg may contain sensitive information.

seriously, come on, you dont really expect people to read such things ?

no reason to write off something critical like this when it can be addressed
-mike