On Wed, Jul 26, 2006 at 12:03:23PM +0200, Max Vozeler wrote:
> On Tue, Jul 18, 2006 at 09:42:49PM +0200, Lionel Elie Mamane wrote:

>>> More importantly: The initramfs file in /boot is by default
>>> world-readable. If we copy root.gpg into it, it will be readable by
>>> all users. Same for files in $rootgpghome.

>> I don't see any reason he wouldn't take a patch for both these
>> things. Having temp files 0600 wouldn't hurt, so we could have the
>> patch do it always. As for the initrd.img-$foo file, ... any reason
>> not to also always do it?

> I can't think of reasons against it. We should talk with
> Maximillian Attems what he thinks can be done.

> I've had a quick look at the available hooks today. (...) And it'd
> be nicer of course if there was support directly in
> initramfs-tools.

> At the start of mkinitramfs umask is initialized to 0022.

I've filed a bug to ask it to be initialised to 0077. Simplest,
easiest. Any hook script can still change it, but if people
deliberately break stuff...

>>> I think asking only once for the passphrase can be frustrating
>>> for users if they make a typo. :-)

>> They can reboot :) More seriously, doesn't losetup give the user
>> several tries? If not, why not fix this _there_?

> At the moment losetup doesn't support retries.

It has an "ask for password twice" option. Doesn't that do it?

>> Do you use a VCS of some sort to manage the package? If we both start
>> making modifications to the same feature, it would be easier to
>> synchronise using it rather than throwing patches around.

> Yes, I use SVN. Unfortunately, the "master" repo is on my laptop and
> so there is only a read-only mirror available online.

That's why distributed systems are so hot :)

> I'd be open to using another approach though, like using bzr and
> me merging into SVN or something. :-)

Probably not worth it as I'm not staying as long-term comaintainer.
Emailing patches around will do.

-- 
Lionel
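The effect of the two umask values discussed in this thread, as an added example that is not part of the original message or of initramfs-tools: it creates constructed `initrd.img-*` files in a temporary directory under umask 0022 and 0077, then lists the ones that group or other users can read. The function names and file names are assumptions made for illustration, and the files are assumed to be created with the default creation mode (0666 before the umask is applied).

```shell
#!/bin/sh
# Added example: constructed files in a temp directory, not real images.

# Create an empty file under the given umask and print its permission
# string as shown by ls (first 10 characters, e.g. -rw-r--r--).
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    # Subshell so the umask change does not leak into the caller.
    ( umask "$1" && : > "$dir/initrd.img-test" ) || return 1
    ls -l "$dir/initrd.img-test" | cut -c1-10
    rm -rf "$dir"
}

# Print the names of initrd.img-* files directly inside directory $1
# that are readable by the group or by other users.
exposed_images() {
    ( cd "$1" && find . -maxdepth 1 -type f -name 'initrd.img-*' \
        \( -perm -040 -o -perm -004 \) | sed 's|^\./||' | sort )
}

# Build a constructed /boot stand-in: one image written under the
# current default (0022), one under the requested default (0077).
demo() {
    boot=$(mktemp -d) || return 1
    ( umask 0022 && : > "$boot/initrd.img-old" )
    ( umask 0077 && : > "$boot/initrd.img-new" )
    exposed_images "$boot"
    rm -rf "$boot"
}

echo "umask 0022 -> $(mode_under_umask 0022)"
echo "umask 0077 -> $(mode_under_umask 0077)"
echo "readable by group/other: $(demo)"
```

A umask only applies to files created after it is set, so images that already exist in /boot keep their old mode until they are regenerated or changed with chmod.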