sysutils/cfs
Mikhail T.
mi+thun at aldan.algebra.com
Wed Sep 7 16:20:07 UTC 2011
On 07.09.2011 12:04, Chris Rees wrote:
>
> However... I find it deeply troubling that you consider buildability more
> important than security fixes. Are you actually serious?
>
Yes, I'm, of course, serious. As you formulated above, the question is a no
brainer: software, that does not build is ultimately "secure". Ha-ha...
Seriously, this ought to remain up to the user. To quote an ancient principle,
we are to provide mechanism, not policy. If we are aware of a problem, we ought
to advise the user of it. But to completely remove the mechanism for the sake of
enforcing, what we think ought to be the user's own policy, is wrong...
For example, the cfs' known vulnerability strikes only, when a particular file's
size exceeds 2Gb (that's about 3 CDs).
I can see a number of use-cases, when the entire encrypted FS is less than that.
One can certainly fit all of one's passwords, as well as high-res scans of
important documents and have room to spare. It may also be possible to prevent
hitting that threshold with quotas.
And so on. Yours,
-mi
More information about the freebsd-ports
mailing list