[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#262507: ITP: resmgr -- resource manager library

Andrew Suffield <asuffield@debian.org> wrote:


>> Could you point out the security issues you see in resmgr ?

[...security implications of fd passing]

> While it may make sense on some public terminals or demonstration
> systems, you do not want it on hosts where device security is
> important.

Of course, that's why I want to avoid having strong dependencies on
resmgrd itself, so it won't be installed behind the admin's back. It
should be possible and easy to install it, but it shouldn't be done

>>  - resmgrd won't be started until configured (no default config
>>    is shipped in the package, only an example config file);
> And that's probably a good idea too (along with documentation that
> clearly states what it does and does *not* do).

This documentation needs to be written, I'll add that to my todo list.

I still need to have a closer look at the code before anything serious
happens (= upload to unstable).


 Julien BLACHE - Debian & GNU/Linux Developer - <jblache@debian.org> 
 Public key available on <http://www.jblache.org> - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 

Reply to: