Re: how to obtain pkg not available for my version (jessie)

To: debian-user@lists.debian.org
Subject: Re: how to obtain pkg not available for my version (jessie)
From: Paul E Condon <pecondon@mesanetworks.net>
Date: Thu, 10 Jul 2014 08:57:38 -0600
Message-id: <[🔎] 20140710145738.GA10380@big.lan.gnu>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 87ion57m30.fsf@reader.local.lan>
References: <[🔎] 87pphg7ymu.fsf@reader.local.lan> <[🔎] 53BBF7DB.9080607@fastmail.fm> <[🔎] 87ion57m30.fsf@reader.local.lan>

On 20140710_0240-0400, Harry Putnam wrote:
> The Wanderer <wanderer@fastmail.fm> writes:
> 
> > On 07/08/2014 09:45 AM, Harry Putnam wrote:
> >
> >> How does one obtain pkgs (encfs in this case) that are not available
> >> to an `aptitude' search of pkgs for jessie?
> >>
> >> It appears that the pkg in question (encfs) is available for wheezy.
> >>
> >>   https://packages.debian.org/stable/encfs
> >>
> >> So how to get to it, without jacking up my sources.list or some other
> >> pitfall?
> >
> > http://snapshot.debian.org/binary/encfs/
> >
> 
> [...]
> 
> > You might want to look into *why* this was removed from jessie,
> > though...
> 
> Good point... a little googling hasn't revealed anything definitive,
> but I often seem to be using poor search terms.
> 
> I've found comments to the effect that encfs has multiple security
> issues... I did not find a clear description of what they are.
> 
> Does anyone here know why encfs was not included in `jessie'?
> 
> Also I know there are 1 or 2 other choices to do some of the same type
> of stuff... Those may be a better bet... any one able to plug for a
> specific technique to accomplish this setup:
> 
> All I really do is keep smallish (less than 2 GB) directory with the
> contents encfs encrypted.
> 
> Contents are a collection of piles of receipts, notes, licenses for
> software, and any other flotsum.. I felt a need to hang onto, byt did
> not want it in clear text.
> 
> I only expect it might be enough to ward of the casual script kiddie,
> that might get into my system thru my own carelessness.
> I seriously do not expect to be targeted by serious black hats.
> 

Use Google with the search term encfs - there was a security audit of
encfs done in Jan 2014 and a report that has been published (with URL).
My quick assessment is that in its current form it should not be used,
BUT there are clearly people concerned about it and hopeful of fixing
it. So ... maybe it will be available in Debian some time in the middle
distant future -- not this year, but not never (maybe)

HTH

-- 
Paul E Condon           
pecondon@mesanetworks.net

Reply to:

References:
- how to obtain pkg not available for my version (jessie)
  - From: Harry Putnam <reader@newsguy.com>
- Re: how to obtain pkg not available for my version (jessie)
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: how to obtain pkg not available for my version (jessie)
  - From: Harry Putnam <reader@newsguy.com>

Prev by Date: Re: SSD optimization on Debian (2014)
Next by Date: Re: SSD optimization on Debian (2014)
Previous by thread: Re: how to obtain pkg not available for my version (jessie)
Next by thread: Re: how to obtain pkg not available for my version (jessie)
Index(es):
- Date
- Thread