releases and stuff

Mike Hernandez sequethin at gmail.com
Mon Nov 15 16:05:27 PST 2004


On Tue, 16 Nov 2004 10:16:17 +1100, Thomas Sutton <thsutton at gmail.com> wrote:
> On Mon, 15 Nov 2004 09:01:07 -0500, Mike Hernandez <sequethin at gmail.com> wrote:
> 
> 
> > On Mon, 15 Nov 2004 17:47:29 +1100, ryan.oliver at pha.com.au
> > <ryan.oliver at pha.com.au> wrote:
> > >
> > >
> > > > Ultimately, because it isn't safe to have devel tools on a system
> > > > regardless of whether or not they are mounted or not. Putting all the
> > > > devel in /opt is nice and tidy to some extent.
> > >
> > > I must admit I cannot live without some devel tools on my systems.
> > > Safest way is to keep them in an encrypted loopback filesystem for
> > > when you do actually need them.
> > >
> > I was reading in Linux Journal that the encrypted loopback stuff might
> > be dropped from the kernel. Seems no one wants to maintain it.
> 
> Cryptoloop or the device-mapper crypto target thingymabob? If they
> meant cryptoloop, good riddance and I'd be surprised if they were
> thinking about dropping the device-mapper support for encryption.
> 
Cryptoloop. 

Here's the quote (from the "diff -u" section [pg 12] of the December 2004 LJ:

"Cryptoloop is very likely to be dropped from 2.6 unless Andrew Morton
decides to wait to remove the code in 2.7; either way it seems clear
that cryptoloop is on the way out. The feature, intended to allow the
user to mount encrypted filesystems over loopback, is apparently buggy
and unmaintained, as well as having significant security problems. And
as far as Andrew is concerned, it is this security question that dooms
cryptoloop. Better to have no feature, he says, than a feature that
falsely claims to provide real security. The argument, put forward by
a number of developers, that such major changes as removing a feature
should never occur in a stable series, is being heard, but it seems
that this may only delay the inevitable. Unless someone steps up to
maintain it and fix the security holes, cryptoloop probably will not
last much longer"



More information about the hlfs-dev mailing list