1 |
Just forwarding it to the list, as I seemed to have left out the list on |
2 |
my last email. |
3 |
|
4 |
|
5 |
> Hi Tom, |
6 |
> |
7 |
> The first approach (new tripwire-<package>) ebuilds could be done without |
8 |
> directly involving the package maintainer, but as you point out, would |
9 |
> increase the number of ebuilds. I doubt we'd get to the stage of |
10 |
> duplicating every package in portage however - that's a major job ;-) |
11 |
> |
12 |
> The second approach would be, where each package is 'tripwire aware' is |
13 |
> definitely the cleanest solution, but requires input from package |
14 |
> maintainers. |
15 |
> |
16 |
> A third possible solution would be to develop a standalone package which |
17 |
> contains <package> -> policy mappings for many packages. It could |
18 |
> perhaps, scan the emerge log or /var/db/pkg and create conf.d/ entries |
19 |
> accordingly. |
20 |
> |
21 |
> |
22 |
> -Ronan |
23 |
> |
24 |
> On Thu, 25 Mar 2004, Tom Hosiawa wrote: |
25 |
> |
26 |
> > > I had a quick look at this a couple of months ago, however it's not an |
27 |
> > > easy task. I think the simplest way to do it would be to take the conf.d/ |
28 |
> > > approach many packages use. Multiple tripwire-<package> ebuilds could |
29 |
> > > be created which could be emerged to populate this directory - or the |
30 |
> > > <package> ebuild could place files in this directory. |
31 |
> > |
32 |
> > Do you mean having a tripwire-<package> ebuild for every package in |
33 |
> > portage? I think this would take to much effort, considering how many |
34 |
> > packages are already in portage. |
35 |
> > |
36 |
> > Now if each package ebuild would put entries in conf.d that need to be |
37 |
> > protected, that might be possible. But would this not be placing too |
38 |
> > much burden on every package maintainer? |
39 |
> > |
40 |
> > Tom |
41 |
|
42 |
|
43 |
-- |
44 |
gentoo-security@g.o mailing list |