Re: #342455

[Anthony Towns <aj@azure.humbug.org.au>]

On Sat, Feb 11, 2006 at 04:47:16PM -0800, Steve Langasek wrote:
> On Sat, Feb 11, 2006 at 07:33:34PM -0500, Raul Miller wrote:
> > On 2/10/06, Steve Langasek <vorlon@debian.org> wrote:
> > > ... follow-up to self: given that crypt-dm sits on top of devmapper, it is
> > > indeed plausible that one would want to prevent members of group disk from
> > > reading the decrypted volume.
> > So don't use group disk in that context.
> Meaning, don't add users to group disk in that context?
> I think I agree.  Being able to use a different group for dm-crypt devices
> seems like a wishlist bug to me, and of lower importance than being able to
> use the *same* group for all other block devices.

So, it seems like we have the following opinions:

    In the long term, have fine grained control that leaves disks as
    root:disk 0660, and other devices with other appropriate groups.
       -- in favour: everyone?

    Immediately, until the above is implemented, have updates to stable
    and unstable of devmapper, that set everything as root:disk 0660
    by default.
       -- in favour: Bdale [0], Raul [1], Steve [2], Anthony [3]
       -- against: Ian [4]
       -- no stated opinion: Andy, Manoj

If the latter's correct, we've got a decision, no? (4/7 means the outcome's
no longer in doubt, as per 6.3(1))

Cheers,
aj

[0] http://lists.debian.org/debian-ctte/2005/12/msg00031.html
[1] http://lists.debian.org/debian-ctte/2006/02/msg00019.html
[2] http://lists.debian.org/debian-ctte/2006/02/msg00031.html
[3] http://lists.debian.org/debian-ctte/2006/02/msg00027.html
[4] http://lists.debian.org/debian-ctte/2006/02/msg00022.html

Attachment: signature.asc
Description: Digital signature