[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#656710: partman-crypto: Preseeding the passphrase

Max Vozeler <xam@debian.org> (2014-07-30):
> On Wed, Jul 30, 2014 at 11:23:28AM +0200, Raphael Hertzog wrote:
> > I have been using this patch in Kali (on top of wheezy's
> > partman-crypto), it would be nice to have this patch merged in time
> > for Jessie.
> > 
> > Dimitrijs, Max or Christian? (You ar listed in Uploaders)
> Two things come to my mind:
> - The feature should have some documentation to explain to users
>   that any preseeded passphrase is to be considered insecure and must
>   be changed after installation, like Olaf suggested perhaps the
>   preseeding template could be a good place.

I think I'll go for a comment in partman-crypto's templates file for
now. I still have to double check how the example preseed file is
maintained, to make sure it contains said warning.

> - I have a vague memory of needing to clear the template value for
>   partman-crypto/passphrase (and passphrase-again) to ensure the
>   passphrase does not end up in the debconf database of the installed
>   system. Could you verify if this is (still?) true?

I'm also verifying this.


Attachment: signature.asc
Description: Digital signature

Reply to: