Gentoo Archives: gentoo-dev

From: Andrew Gaffney <agaffney@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
Date: Wed, 20 Jun 2007 20:59:15
Message-Id: 467993B9.90707@gentoo.org
In Reply to: Re: [gentoo-dev] how to handle sensitive files when generating binary packages by Ciaran McCreesh
Ciaran McCreesh wrote:
> On Wed, 20 Jun 2007 15:19:46 -0500
> Andrew Gaffney <agaffney@g.o> wrote:
>> I'm not sure that's really a feasible solution (but then you probably
>> weren't suggesting it with that intention). Being able to create a
>> "backup" of any installed package without re-emerging is pretty
>> handy. Many people use it and there would be a revolt if quickpkg
>> were removed.
>
> Then live-filesystem-generated packages could be marked as 'not for
> redistribution'.

That's certainly a lot more feasible. However, it would have to be marked in
some way that portage would recognize, and that marking could still likely be
easily removed.

This still allows the social engineering attack. Someone can get a binpkg
created with quickpkg of someone else's baselayout and then remove the marking
that would make portage gripe.

--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer Catalyst/Installer + x86 release coordinator
--
gentoo-dev@g.o mailing list

Replies

Subject Author
Re: [gentoo-dev] how to handle sensitive files when generating binary packages "William L. Thomson Jr." <wltjr@g.o>
[gentoo-dev] Re: how to handle sensitive files when generating binary packages Steve Long <slong@××××××××××××××××××.uk>