On 6 Apr 2006, Steve Langasek said this: > I'm calling for a vote on the following resolution regarding bug > #329409. The only proposed amendment, by Raul, has been accepted; > so this is the only option on the ballot (other than further > discussion). > > I vote yes on this resolution. > > Cheers, I vote yes on the resolution below. manoj
Attachment:
pgpeSgr5XQd1c.pgp
Description: PGP signature
WHEREAS 1. It is a limitation of the current device-mapper implementation in Debian that all device nodes managed by libdevmapper are created with the same hard-coded ownership and permissions; and 2. The standard owning group for disk device nodes is group "disk"; and 3. The sole reason for the existence of this group on Debian systems is to control access to disk devices; and 4. The majority of device-mapper nodes expose data that is already available to members of the disk group via the component disks; and 5. The use of a different owning group in these cases therefore makes accessing the data more inconvenient but not more secure; and 6. The exception to the above is dm-crypt, whereby device-mapper nodes expose data that is not available in unencrypted form from the component disks; and 7. No single owning group satisfies all possible use cases for device-mapper; but 8. Users of dm-crypt have the option of not adding users to the disk group that they do not wish to have access to their unencrypted dm-crypt volumes; THE TECHNICAL COMMITTEE: 9. THANKS Bastian Blank for his continued maintenance of the devmapper package in Debian; and 10. ALSO THANKS Roger Leigh for bringing this issue before the committee; and 11. ENCOURAGES the devmapper maintainer to work towards support for configurable device-mapper device permissions in Debian; and 12. DETERMINES that the correct default permissions for all device-mapper nodes is root:disk 0660, with or without support for configurable device permissions; and 13. ASKS (with a 3:1 majority: REQUIRES) the devmapper maintainer to implement these permissions in unstable by applying Roger Leigh's patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329409;msg=87;att=0; and 14. RECOMMENDS policy be updated to reflect this determination on default block device permissions; and 15. AUTHORIZES Roger to implement these same permissions in stable via a non-maintainer upload. -- Darth Vader! Only you would be so bold! Princess Leia Organa Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/> 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C