Message-ID: <467993B9.90707@gentoo.org>
Date: Wed, 20 Jun 2007 15:53:13 -0500
From: Andrew Gaffney
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
In-Reply-To: <20070620212555.21b99076@snowflake>

Ciaran McCreesh wrote:
> On Wed, 20 Jun 2007 15:19:46 -0500
> Andrew Gaffney wrote:
>> I'm not sure that's really a feasible solution (but then you probably
>> weren't suggesting it with that intention). Being able to create a
>> "backup" of any installed package without re-emerging is pretty
>> handy. Many people use it and there would be a revolt if quickpkg
>> were removed.
>
> Then live-filesystem-generated packages could be marked as 'not for
> redistribution'.

That's certainly a lot more feasible. However, it would have to be marked in
some way that portage would recognize, and that marking could still likely be
easily removed. This still allows the social engineering attack. Someone can get
a binpkg created with quickpkg of someone else's baselayout and then remove the
marking that would make portage gripe.

-- 
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer Catalyst/Installer + x86 release coordinator
-- 
gentoo-dev@gentoo.org mailing list