Your message dated Sat, 10 May 2008 02:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#480417: fixed in duplicity 0.4.11-1
has caused the Debian Bug report #480417,
regarding Duplicity exposes credentials in the environment without need
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
480417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480417
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
package: duplicity
severity: important
tags: security
Version: 0.4.10-1

The boto class in backends.py requires that AWS_ACCESS_KEY_ID and
AWS_SECRET_ACCESS_KEY be set.  However python-boto is perfectly happy
to read these values out of ~/.boto.

The process environment is public; setting passwords in the
environment is problematic because everyone on a multi-user system can
read them.  Therefore duplicity really should take advantage of
python-boto's facility for reading passwords out of config files.

All that needs to happen is that the check for these environment
variables needs to be removed.




--- End Message ---
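An added example, not part of the bug report and not duplicity's or boto's own code: one way a backend can take S3 credentials from a boto-style config file first and only fall back to the environment, refusing a file that group or other users can access. The function names and sample values are hypothetical; the `[Credentials]` section and its two option names follow boto's config file format.

```python
import configparser
import os
import stat
import tempfile


def load_s3_credentials(config_path, environ=None):
    """Return (access_key, secret_key, source), preferring the config file."""
    environ = os.environ if environ is None else environ
    if os.path.isfile(config_path):
        # A secrets file readable by group/other is no better than the environment.
        mode = stat.S_IMODE(os.stat(config_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(
                "%s is accessible to group/other (mode %o)" % (config_path, mode))
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(config_path)
        if parser.has_section("Credentials"):
            key = parser.get("Credentials", "aws_access_key_id", fallback=None)
            secret = parser.get("Credentials", "aws_secret_access_key", fallback=None)
            if key and secret:
                return key, secret, "config"
    # Fallback only: the variables named in the report.
    key = environ.get("AWS_ACCESS_KEY_ID")
    secret = environ.get("AWS_SECRET_ACCESS_KEY")
    if key and secret:
        return key, secret, "environment"
    raise LookupError("no S3 credentials in %s or the environment" % config_path)


def demo():
    """Run the lookup against a constructed config file; return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "boto.cfg")
        with open(path, "w") as fh:
            fh.write("[Credentials]\n"
                     "aws_access_key_id = EXAMPLEKEYID\n"       # constructed value
                     "aws_secret_access_key = EXAMPLESECRET\n")  # constructed value
        os.chmod(path, 0o600)
        from_file = load_s3_credentials(path, environ={})
        os.chmod(path, 0o644)  # now world-readable: must be refused
        try:
            load_s3_credentials(path, environ={})
            rejected = False
        except PermissionError:
            rejected = True
    return from_file, rejected


if __name__ == "__main__":
    print(demo())
```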
--- Begin Message ---
Source: duplicity
Source-Version: 0.4.11-1

We believe that the bug you reported is fixed in the latest version of
duplicity, which is due to be installed in the Debian FTP archive:

duplicity_0.4.11-1.diff.gz
  to pool/main/d/duplicity/duplicity_0.4.11-1.diff.gz
duplicity_0.4.11-1.dsc
  to pool/main/d/duplicity/duplicity_0.4.11-1.dsc
duplicity_0.4.11-1_i386.deb
  to pool/main/d/duplicity/duplicity_0.4.11-1_i386.deb
duplicity_0.4.11.orig.tar.gz
  to pool/main/d/duplicity/duplicity_0.4.11.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Zangerl <[EMAIL PROTECTED]> (supplier of updated duplicity package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 10 May 2008 11:17:39 +1000
Source: duplicity
Binary: duplicity
Architecture: source i386
Version: 0.4.11-1
Distribution: unstable
Urgency: low
Maintainer: Alexander Zangerl <[EMAIL PROTECTED]>
Changed-By: Alexander Zangerl <[EMAIL PROTECTED]>
Description: 
 duplicity  - encrypted bandwidth-efficient backup
Closes: 480417
Changes: 
 duplicity (0.4.11-1) unstable; urgency=low
 .
   * New upstream release
   * make duplicity accept s3 access credentials from boto config files
     and not just the environment (closes: #480417)
Files: 
 e9c28e7d4fd88e2040068733675846e3 665 utils optional duplicity_0.4.11-1.dsc
 8891bb4fa2b5d3f053e6f2c4a91782f2 125827 utils optional duplicity_0.4.11.orig.tar.gz
 e79e2ce9776955fd5860b749841692ce 8929 utils optional duplicity_0.4.11-1.diff.gz
 44f92f50a658c9ece834c06bc179c881 127470 utils optional duplicity_0.4.11-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIJPycpy/2bEK9ZF0RAurfAJ4+ELBPHoukYRR/CXx/4lwAr+dgogCeMFfe
8O5VpZL58BJSR+vkVojQD/4=
=d1ZG
-----END PGP SIGNATURE-----



--- End Message ---
