| 1 |
Marius Mauch wrote: |
| 2 |
> Mike Frysinger <vapier@g.o> wrote: |
| 3 |
>> mayhaps we need a new function to be run in src_install() to label |
| 4 |
>> files as "sensitive" ... so baselayout would do: |
| 5 |
>> esosensitive /etc/{fstab,group,passwd,shadow} |
| 6 |
>> and then we expand the format of CONTENTS in the vdb: |
| 7 |
>> priv /etc/fstab <hash> <mtime> |
| 8 |
> |
| 9 |
> And what would be phase 2 of that? Just having a new filetype |
| 10 |
> in CONTENTS doesn't accomplish anything by itself ... |
| 11 |
> |
| 12 |
I imagine the tools need updating to deal with that (especially quickpkg |
| 13 |
etc.) Of course this needs to be tested thoroughly from a security pov, and |
| 14 |
admins may well decide they don't like the idea (after all a professional |
| 15 |
is going to have their own backup procedures in place already.) If you're |
| 16 |
adding a priv field, tho, you might as well make it a generic attributes |
| 17 |
field imo. Not sure what uses you can come up with, but rcs integration |
| 18 |
springs to mind. |
| 19 |
|
| 20 |
On a wider note, how difficult are these sorts of changes to implement? Only |
| 21 |
we were discussing a satisfiedBy addition to refine system updates on |
| 22 |
#-portage (something to do with slots, unversioned deps and --depclean, but |
| 23 |
I couldn't really follow it all) and that would require change in vdb as |
| 24 |
well, which I was told needed an EAPI bump. So, if y'all are discussing vdb |
| 25 |
changes for EAPI=1 (which aiui is needed yesterday ;) I for one would love |
| 26 |
to know what other changes devs would like to see. |
| 27 |
|
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-dev@g.o mailing list |
Archives