-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear debian-boot people; it was suggested to me that debian-boot might be a proper forum to ask for interested sponsors for our software package "Mandos", which we just released as version 1.0.3.
It builds these binary packages: mandos - a server giving encrypted passwords to Mandos clients mandos-client - do unattended reboots with an encrypted root file system The goal of the Mandos system is to enable server computers to have an encrypted root file system and still be able to reboot automatically without anyone having to be there and type in a password. What happens is that we run a small Mandos client program at boot time in the initial RAM disk environment (initrd), before even networking is configured, using IPv6 link-local addresses. The Mandos client connects to the Mandos server. The Mandos clients each have an OpenPGP key, which they use to handshake as TLS *servers* to the Mandos server, which in turn handshakes as a TLS *client*. The Mandos server does not have a key, but computes the fingerprint of the OpenPGP key received from the Mandos client and looks up that fingerprint in an internal list, and, if the fingerprint is found, sends the corresponding binary blob to the client. The binary blob is an encrypted password, which is then decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system, whereupon the computers can continue booting normally. The server with the passwords continually checks that the client computers are still up, and if the client is gone for more than a configurable length of time, the server no longer gives out the password for that client. Please read the FAQ in the README file for more information on the security model: http://bzr.fukt.bsnet.se/loggerhead/mandos/trunk/annotate/head:/README Oh yes, the project's home page: http://www.fukt.bsnet.se/mandos We use the Debian-specific features of the cryptsetup package for installing into the initial RAM disk image. We also replace and supplant the functionality currently supplied by the "askpass" program; we instead use a system of plugins started in parallel - see the web site, README file, and the documentation for the plugin runner program for more information: http://www.fukt.bsnet.se/mandos/man/plugin-runner.8mandos The package appears to be lintian clean. The upload would fix these bugs: 500727, 509398, 509653 The package can be found on mentors.debian.net: - - URL: http://mentors.debian.net/debian/pool/main/m/mandos - - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - - dget http://mentors.debian.net/debian/pool/main/m/mandos/mandos_1.0.3-1.dsc I would be glad if someone uploaded this package for me. Kind regards Teddy Hogeborn, Björn Påhlsson - -- The Mandos Project http://www.fukt.bsnet.se/mandos -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJYs8GOWBmT5XqI90RAnmlAJwM0mynE4/uogRGm3SxIZpU5eXVuwCgn5NZ 6he45TH3qkNszePsualVOM4= =aFLd -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org