Re: dedicated live CD for PGP master key management



On 25/04/16 17:34, Christian Seiler wrote:
> On 2016-04-25 17:24, Daniel Pocock wrote:
>> On 25/04/16 16:23, Holger Levsen wrote:
>>> On Mon, Apr 25, 2016 at 04:03:26PM +0200, Daniel Pocock wrote:
>>>> I had already made up some live CDs for ready-to-run VoIP and
>>>> remote hands purposes, so I can probably do some of what is
>>>> required, but it seems like a good idea to avoid duplicating any
>>>> other efforts in this area too.
>>>
>>> Shouldn't most of the functionality of this go into (a) dedicated
>>> package(s) which then can be used by several, e.g. by tails and grml and
>>> debian live-cds?
>>>
>> Some parts of such a project could probably be packaged.
>>
>> One of the ideas I had is that it should have a kernel compiled without
>> any networking support, then it may not make sense to mix bits of the
>> solution with other live CDs.
>
> Well, as Debian kernels are modularized, why not simply create a
> package that blacklists all network drivers? Then you don't have
> to compile your own kernel, but just make sure that the list of
> networking-related kernel modules is up to date, which seems to
> me to be a lot less work (especially since you can potentially
> automate that by looking for stuff in drivers/net).
>
> Plus a tool that looks at the list of loaded modules and checks
> that there isn't any network driver loaded.
>

I agree that is probably easier for development, although from a
security point of view the strategy would be to avoid having any
networking code in the environment at all.

I've progressed the whole concept from vapourware to wikiware now:

https://wiki.debian.org/OpenPGP/CleanRoomLiveEnvironment

Does the workflow make sense?
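
The check suggested in the quoted reply above (compare the loaded modules against what ships under drivers/net), written out as an added example that is not part of the thread or of any Debian package. It also counts kernel/net/ as network code; the function names, `NET_RE` and the sample data are assumptions constructed here.

```shell
#!/bin/sh
# Assumption: "network code" = module files under kernel/drivers/net/ or
# kernel/net/ in modules.dep; extend NET_RE for e.g. kernel/drivers/bluetooth/.
NET_RE='^kernel/(drivers/net|net)/'

# list_net_modules PROC_MODULES MODULES_DEP: print loaded network module names
list_net_modules() {
    awk -v re="$NET_RE" '
        FILENAME == ARGV[1] {     # modules.dep line: "path/mod.ko: deps..."
            path = $1; sub(/:$/, "", path)
            if (path ~ re) {
                name = path
                sub(/.*\//, "", name)                 # strip directory
                sub(/\.ko(\.[a-z0-9]+)?$/, "", name)  # strip .ko, .ko.xz, ...
                gsub(/-/, "_", name)                  # /proc/modules uses "_"
                net[name] = 1
            }
            next
        }
        ($1 in net) { print $1 }  # /proc/modules line: name is field 1
    ' "$2" "$1"
}

# check_no_net_modules PROC_MODULES MODULES_DEP: 0 if clean, 1 if any found
check_no_net_modules() {
    found=$(list_net_modules "$1" "$2") || return 2
    [ -z "$found" ] && return 0
    echo "network modules loaded: $(echo $found)" >&2
    return 1
}

# Constructed sample data (not captured from a real machine), written to DIR.
write_sample() {
    cat > "$1/modules.dep" <<'EOF'
kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko: kernel/drivers/ptp/ptp.ko
kernel/drivers/net/usb/usbnet.ko:
kernel/net/can/can-raw.ko:
kernel/fs/ext4/ext4.ko: kernel/fs/jbd2/jbd2.ko
EOF
    cat > "$1/proc_modules" <<'EOF'
ext4 585728 1 - Live 0x0000000000000000
usbnet 45056 0 - Live 0x0000000000000000
can_raw 20480 0 - Live 0x0000000000000000
ptp 20480 0 - Live 0x0000000000000000
EOF
}

# Check the running system only when invoked with --live.
[ "${1:-}" != "--live" ] || check_no_net_modules /proc/modules "/lib/modules/$(uname -r)/modules.dep"
```

This only sees loadable modules: networking code built into the kernel image never appears in /proc/modules, which is the gap the no-networking-kernel approach closes.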

