| 1 |
Mike, |
| 2 |
|
| 3 |
By chance are you ready to submit a cryptoswap-0.03.ebuild? |
| 4 |
|
| 5 |
On Sat, 2003-09-13 at 08:02, mike@××××.org wrote: |
| 6 |
> Your method for supporting encrypted root partitions looks pretty good. Here |
| 7 |
> are some comments: |
| 8 |
> |
| 9 |
> First, I think it is key that the creation of this system is automated and |
| 10 |
> included in the Gentoo installation process. |
| 11 |
> |
| 12 |
> Good: |
| 13 |
> |
| 14 |
> o your idea of not trusting the boot process is great! |
| 15 |
> o your documentation is pretty strong, including kernel configuration |
| 16 |
> |
| 17 |
> Potential room for improvement: |
| 18 |
> |
| 19 |
> o perhaps we can think of a better boot process trust protocol? |
| 20 |
> o why not use romfs instead of minixfs? Is minixfs smaller? |
| 21 |
> o why can't usb and crypto be modules, loaded by linuxrc? (this is kind of |
| 22 |
> picky) |
| 23 |
> o why use GPG when a symetric system will do? |
| 24 |
> o no PPC -- but perhaps I can help, as you mentioned |
| 25 |
> |
| 26 |
> So, great work overall! I am considering whether I should continue to work |
| 27 |
> on my system or begin contributing to yours. Perhaps two competing systems |
| 28 |
> would encourage innovation... |
| 29 |
> |
| 30 |
> By the way, my system is available at |
| 31 |
> http://www.flyn.org/projects/cryptoswap/index.html. |
| 32 |
> |
| 33 |
> -- |
| 34 |
> Mike |
| 35 |
> |
| 36 |
> -- |
| 37 |
> gentoo-hardened@g.o mailing list |
| 38 |
-- |
| 39 |
RSA key ID 2BC75196 http://keyserver.net |
| 40 |
Gentoo Linux Developer (Hardened) http://dev.gentoo.org/~solar |
Archives