[gentoo-dev] Re: how to handle sensitive files when generating binary packages

[Steve Long <slong@rathaus.eclipse.co.uk>]

Andrew Gaffney wrote:
> Ciaran McCreesh wrote:
>> Andrew Gaffney wrote:
>>> I'm not sure that's really a feasible solution (but then you probably
>>> weren't suggesting it with that intention). Being able to create a
>>> "backup" of any installed package without re-emerging is pretty
>>> handy. Many people use it and there would be a revolt if quickpkg
>>> were removed.
>> 
>> Then live-filesystem-generated packages could be marked as 'not for
>> redistribution'.
> 
> That's certainly a lot more feasible. However, it would have to be marked
> in some way that portage would recognize, and that marking could still
> likely be easily removed.
> 
It's more feasible than banning the creation of packages from a running
system, that's true. The original solution doesn't seem so infeasible to me
though.. I have a feeling this is more about an alternative bin format ;)

> This still allows the social engineering attack. Someone can get a binpkg
> created with quickpkg of someone else's baselayout and then remove the
> marking that would make portage gripe.
> 
Agreed. 

As a user, I'd much rather just be able to quickpkg whenever I choose, and
know that the system will not allow sensitive files to be copied. Starting
with /etc/shadow and the like is great by me, as I'm fairly sure there'll
be a sensible plain-text config file I can edit by hand if I need to. If I
were to allow such files to be copied, I'd like a warning. Yes I mess up
sometimes, so what? I'm the user, it's expected ;p


-- 
gentoo-dev@gentoo.org mailing list