Re: [RFR] po-debconf://apt-cacher-ng (new template)
Hallo,
* Justin B Rye [Tue, Oct 07 2014, 09:57:13AM]:
> And I'm not keen on the phrasing of the last part; maybe
>
> "encrypted data without this being noticed by a legitimate user, or might
> "use timing analysis to deduce information."
>
> (I gather the information is about MACs, but maybe explaining that
> would take longer than it's worth.)
Exactly.
> > "Until these issues are resolved, encfs should not be considered a safe home "
> > "for sensitive data in certain scenarios."
> > msgstr ""
>
> If you mean the scenarios implied above where an attacker has
> read/write access or can monitor encryption times then it should
> probably refer back to them:
>
> "Until these issues are resolved, encfs should not be considered a safe home "
> "for sensitive data in scenarios where such attacks are possible."
Usually I try to avoid such wording because it might make the impact
look less severe to certain users. But I think your version is a
reasonable compromise since the first paragraph sounds more persuasive.
> There should probably also be a link to further information, or is
> that going in a NEWS file?
Yes, into the NEWS file.
> --
> JBR with qualifications in linguistics, experience as a Debian
> sysadmin, and probably no clue about this particular package
Good enough. ;-)
Thanks,
Eduard.
Reply to: