[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: My recent bug's and continuing effort to debconf-ize Debian

>>>>> ""Jürgen" == "Jürgen A Erhard" <juergen.erhard@gmx.net> writes:

    "Jürgen> *If* there's some *valid* reason not to store something
    "Jürgen> in a *root-readable* DB, make it put it somewhere else.
    "Jürgen> In the end, it *gets stored anyway.

Not always the case.

eg consider a package for a certification authority (not that
one is needed, but assume thats not the case here).

You might need a question in the postinst script:

Password to encrypt private key with?

In which case the password is never stored (not even encrypted)
anywhere on the hard disk, just used for the initial encryption.

Sure, ideally nobody should have access to the private key in the
first place. However, if they do manage to steel the key, there is no
good reason why the password should be stored with it. Also consider
the loss of the private key will typically affect the security of more
then just the local computer, too.
Brian May <bam@debian.org>

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: