[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Feature request for GnuPG crypted Debian packages



Scribit Michelle Konzack dies 24/04/2007 hora 16:40:
> I would suggest to add a new header like "Crypted: <gpg_key>" and then
> crypt the data.tar.gz (in the Debian package).

I think you're targetting the wrong layer of the system. If many
packages contain so much sensitive data, it would be easier to encrypt a
tarball or part of a FS where packages are read.

As far as D-I is concerned, you could probably easily add a udeb to deal
with decrypting and unpacking of that senstive part, and leave apt and
dpkg untouched.

On the other hand, if not all the Debian package is sensitive, you
better be encrypting data inside it, and have the application or an
helper decrypt it when needed, maybe in maintainer scripts.

Alternatively,
Pierre
-- 
nowhere.man@levallois.eu.org
OpenPGP 0xD9D50D8A

Attachment: signature.asc
Description: Digital signature


Reply to: