Andrew Gaffney wrote:
> Ciaran McCreesh wrote:
>> Andrew Gaffney wrote:
>>> I'm not sure that's really a feasible solution (but then you probably
>>> weren't suggesting it with that intention). Being able to create a
>>> "backup" of any installed package without re-emerging is pretty
>>> handy. Many people use it and there would be a revolt if quickpkg
>>> were removed.
>>
>> Then live-filesystem-generated packages could be marked as 'not for
>> redistribution'.
>
> That's certainly a lot more feasible. However, it would have to be marked
> in some way that portage would recognize, and that marking could still
> likely be easily removed.
>

It's more feasible than banning the creation of packages from a running system, that's true. The original solution doesn't seem so infeasible to me though.. I have a feeling this is more about an alternative bin format ;)

> This still allows the social engineering attack. Someone can get a binpkg
> created with quickpkg of someone else's baselayout and then remove the
> marking that would make portage gripe.
>

Agreed. As a user, I'd much rather just be able to quickpkg whenever I choose, and know that the system will not allow sensitive files to be copied. Starting with /etc/shadow and the like is great by me, as I'm fairly sure there'll be a sensible plain-text config file I can edit by hand if I need to. If I were to allow such files to be copied, I'd like a warning. Yes I mess up sometimes, so what? I'm the user, it's expected ;p

--
[EMAIL PROTECTED] mailing list