[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

devmapper: call for votes

I'm calling for a vote on the following resolution regarding bug #329409.
The only proposed amendment, by Raul, has been accepted; so this is the only
option on the ballot (other than further discussion).

I vote yes on this resolution.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

WHEREAS

 1. It is a limitation of the current device-mapper implementation in Debian
    that all device nodes managed by libdevmapper are created with the same
    hard-coded ownership and permissions; and

 2. The standard owning group for disk device nodes is group "disk"; and

 3. The sole reason for the existence of this group on Debian systems is
    to control access to disk devices; and

 4. The majority of device-mapper nodes expose data that is already
    available to members of the disk group via the component disks; and

 5. The use of a different owning group in these cases therefore makes
    accessing the data more inconvenient but not more secure; and

 6. The exception to the above is dm-crypt, whereby device-mapper nodes
    expose data that is not available in unencrypted form from the
    component disks; and

 7. No single owning group satisfies all possible use cases for
    device-mapper; but

 8. Users of dm-crypt have the option of not adding users to the disk
    group that they do not wish to have access to their unencrypted 
    dm-crypt volumes;

THE TECHNICAL COMMITTEE:

 9. THANKS Bastian Blank for his continued maintenance of the devmapper
    package in Debian; and

10. ALSO THANKS Roger Leigh for bringing this issue before the
    committee; and

11. ENCOURAGES the devmapper maintainer to work towards support for
    configurable device-mapper device permissions in Debian; and

12. DETERMINES that the correct default permissions for all device-mapper
    nodes is root:disk 0660, with or without support for configurable device
    permissions; and

13. ASKS (with a 3:1 majority: REQUIRES) the devmapper maintainer to
    implement these permissions in unstable by applying Roger Leigh's
    patch from
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329409;msg=87;att=0;
    and

14. RECOMMENDS policy be updated to reflect this determination on
    default block device permissions; and

15. AUTHORIZES Roger to implement these same permissions in stable via a
    non-maintainer upload.

Attachment: signature.asc
Description: Digital signature

Reply to: