Control: tags -1 -security
Control: severity -1 normal
Actually, looking back at this, this is not a vulnerability directly
with etckeeper, or at least, nothing that wasn't already clearly
explained in the README. To quote it:
> ## security warnings
>
> First, a big warning: By checking /etc into version control, you are
> creating a copy of files like /etc/shadow that must remain secret. Anytime
> you have a copy of a secret file, it becomes more likely that the file
> contents won't remain secret. etckeeper is careful about file permissions,
> and will make sure that repositories it sets up don't allow anyone but root
> to read their contents. However, you *also* must take care when cloning
> or copying these repositories, not to allow anyone else to see the data.
That seems pretty clear to me... So I am downgrading this to a normal
issue and removing the security tag as the security implications of
running etckeeper are clearly stated from the start.
A.
--
We have no friends but the mountains.
- Kurdish saying
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
