1 |
Is there any reason that these two types of setups (mikes, and what your |
2 |
working on) could no coexist? |
3 |
|
4 |
On Mon, 2003-08-25 at 13:54, Boyd Waters wrote: |
5 |
> -----BEGIN PGP SIGNED MESSAGE----- |
6 |
> Hash: SHA1 |
7 |
> |
8 |
> Ned Ludd wrote: |
9 |
> |
10 |
> | *) Needs to work for 2.4.x & 2.6.x |
11 |
> | *) We would like them to have is an automated method of doing this from |
12 |
> | the live-cd |
13 |
> | *) Need Gentoo HOWTO / instructions written. |
14 |
> | *) The storage medium should be abstracted. |
15 |
> | usb, stick memory, floppy, cd, etc.. any of those should be able to |
16 |
> | store the keys |
17 |
> | *) Solution must pass public critique process. eg: win the approval of |
18 |
> | this list. |
19 |
> | *) Talk is cheap so show us the code. |
20 |
> |
21 |
> |
22 |
> I agree that any solution that individuals have come up with is not very |
23 |
> interesting until it is pacakged and tested so that many people can use it. |
24 |
> |
25 |
> Perhaps we need to re-set expectations a bit: although many have met |
26 |
> with success with loop-AES, for example, the encrypted-root procedure |
27 |
> that is automated by loop-AES has NEVER worked for me. |
28 |
> |
29 |
> ~From the encrypted-disk thread on forums.gentoo.org, it is clear that |
30 |
> many users are all too ready to trust any sort of documented procedure |
31 |
> and are quite willing to Cuisinart their data without getting into |
32 |
> encruypted-root in an incremental way. |
33 |
> |
34 |
> The reason you haven't seen more writted stuff from me on this is |
35 |
> because I am trying to TEST this stuff before sharing it with others. |
36 |
> Particularly for an ecrypted root system, this takes a bit of time. |
37 |
> |
38 |
> Mike has an initrd system that seems to work. I tried to test this last |
39 |
> week but did not have spare time. I have to have about three hours of |
40 |
> quiet time to test something like this in a useful (i.e. reproducable) way. |
41 |
> |
42 |
> So my talk will be cheap for quite some time, I expect. |
43 |
> |
44 |
> - - boyd |
45 |
> |
46 |
> -----BEGIN PGP SIGNATURE----- |
47 |
> Version: GnuPG v1.2.2 (GNU/Linux) |
48 |
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
49 |
> |
50 |
> iD8DBQE/Sk1T0is8k1r0QeURAsh1AJ9Y8ABsTxbIyEKVDdKYbtV0xWAYggCfZoaX |
51 |
> vhtvfGya3m63vS9UajMUbEA= |
52 |
> =Zbon |
53 |
> -----END PGP SIGNATURE----- |
54 |
> |
55 |
> |
56 |
> -- |
57 |
> gentoo-hardened@g.o mailing list |
58 |
-- |
59 |
Ned Ludd <solar@g.o> |
60 |
Gentoo Linux Developer (Hardened) |