| 1 |
Just forwarding it to the list, as I seemed to have left out the list on |
| 2 |
my last email. |
| 3 |
|
| 4 |
|
| 5 |
> Hi Tom, |
| 6 |
> |
| 7 |
> The first approach (new tripwire-<package>) ebuilds could be done without |
| 8 |
> directly involving the package maintainer, but as you point out, would |
| 9 |
> increase the number of ebuilds. I doubt we'd get to the stage of |
| 10 |
> duplicating every package in portage however - that's a major job ;-) |
| 11 |
> |
| 12 |
> The second approach would be, where each package is 'tripwire aware' is |
| 13 |
> definitely the cleanest solution, but requires input from package |
| 14 |
> maintainers. |
| 15 |
> |
| 16 |
> A third possible solution would be to develop a standalone package which |
| 17 |
> contains <package> -> policy mappings for many packages. It could |
| 18 |
> perhaps, scan the emerge log or /var/db/pkg and create conf.d/ entries |
| 19 |
> accordingly. |
| 20 |
> |
| 21 |
> |
| 22 |
> -Ronan |
| 23 |
> |
| 24 |
> On Thu, 25 Mar 2004, Tom Hosiawa wrote: |
| 25 |
> |
| 26 |
> > > I had a quick look at this a couple of months ago, however it's not an |
| 27 |
> > > easy task. I think the simplest way to do it would be to take the conf.d/ |
| 28 |
> > > approach many packages use. Multiple tripwire-<package> ebuilds could |
| 29 |
> > > be created which could be emerged to populate this directory - or the |
| 30 |
> > > <package> ebuild could place files in this directory. |
| 31 |
> > |
| 32 |
> > Do you mean having a tripwire-<package> ebuild for every package in |
| 33 |
> > portage? I think this would take to much effort, considering how many |
| 34 |
> > packages are already in portage. |
| 35 |
> > |
| 36 |
> > Now if each package ebuild would put entries in conf.d that need to be |
| 37 |
> > protected, that might be possible. But would this not be placing too |
| 38 |
> > much burden on every package maintainer? |
| 39 |
> > |
| 40 |
> > Tom |
| 41 |
|
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-security@g.o mailing list |
Archives