Re: Allow encfs into jessie?
Hello,
* Jan Niehusmann [Thu, Sep 11 2014, 12:12:08PM]:
> The bug report is about security issues, but these are not security
> issues of the software (as in: you can somehow hack into the computer
> which is running the software), but of the encryption algorithms used.
>
> So it can be compared to a package implementing md5: Yes, it's known
> that md5 is not secure any more, but that's not a reason to remove all
> packages implementing md5 from Debian.
...
> Therefore, I propose that encfs should be allowed into jessie.
>
> (What would be the right way to do that? Lower the severity of the bug?
> Add a jessie-ignore tag?)
>
> To notify users about the potential security issue, a NEWS file could
> be added, or one could add a warning to the output of the encfs command.
In fact, that is what I considered as a workaround, and even harder: add a
debconf message with priority critical telling exactly those details.
Unless someone cries out loudly I will continue with this plan in a
couple of days.
Regards,
Eduard.