On Sat, Feb 11, 2006 at 04:47:16PM -0800, Steve Langasek wrote: > On Sat, Feb 11, 2006 at 07:33:34PM -0500, Raul Miller wrote: > > On 2/10/06, Steve Langasek <[EMAIL PROTECTED]> wrote: > > > ... follow-up to self: given that crypt-dm sits on top of devmapper, it is > > > indeed plausible that one would want to prevent members of group disk from > > > reading the decrypted volume. > > So don't use group disk in that context. > Meaning, don't add users to group disk in that context? > I think I agree. Being able to use a different group for dm-crypt devices > seems like a wishlist bug to me, and of lower importance than being able to > use the *same* group for all other block devices.
So, it seems like we have the following opinions:
In the long term, have fine grained control that leaves disks as
root:disk 0660, and other devices with other appropriate groups.
-- in favour: everyone?
Immediately, until the above is implemented, have updates to stable
and unstable of devmapper, that set everything as root:disk 0660
by default.
-- in favour: Bdale [0], Raul [1], Steve [2], Anthony [3]
-- against: Ian [4]
-- no stated opinion: Andy, Manoj
If the latter's correct, we've got a decision, no? (4/7 means the outcome's
no longer in doubt, as per 6.3(1))
Cheers,
aj
[0] http://lists.debian.org/debian-ctte/2005/12/msg00031.html
[1] http://lists.debian.org/debian-ctte/2006/02/msg00019.html
[2] http://lists.debian.org/debian-ctte/2006/02/msg00031.html
[3] http://lists.debian.org/debian-ctte/2006/02/msg00027.html
[4] http://lists.debian.org/debian-ctte/2006/02/msg00022.html
signature.asc
Description: Digital signature
