Date: Wed, 07 Sep 2011 12:20:04 -0400 From: "Mikhail T." <mi+thun@aldan.algebra.com> To: Chris Rees <crees@freebsd.org> Cc: "Julian H. Stacey" <jhs@berklix.com>, freebsd-ports@freebsd.org Subject: Re: sysutils/cfs Message-ID: <4E6799B4.5090603@aldan.algebra.com> In-Reply-To: <CADLo838QkAjq2jPXy_c5MTYW09tZJMvWTNndo3Pnfa3=1c-5Og@mail.gmail.com> References: <4E651DCF.30605@FreeBSD.org> <201109052146.p85Lkous037023@fire.js.berklix.net> <CADLo838dMd5=TjRF5ffiaPH7o0%2BpeWgaqbQqEfDb3EP-n4ec8A@mail.gmail.com> <4E67935C.6080702@aldan.algebra.com> <CADLo838QkAjq2jPXy_c5MTYW09tZJMvWTNndo3Pnfa3=1c-5Og@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07.09.2011 12:04, Chris Rees wrote: > > However... I find it deeply troubling that you consider buildability more > important than security fixes. Are you actually serious? > Yes, I'm, of course, serious. As you formulated above, the question is a no brainer: software, that does not build is ultimately "secure". Ha-ha... Seriously, this ought to remain up to the user. To quote an ancient principle, we are to provide mechanism, not policy. If we are aware of a problem, we ought to advise the user of it. But to completely remove the mechanism for the sake of enforcing, what we think ought to be the user's own policy, is wrong... For example, the cfs' known vulnerability strikes only, when a particular file's size exceeds 2Gb (that's about 3 CDs). I can see a number of use-cases, when the entire encrypted FS is less than that. One can certainly fit all of one's passwords, as well as high-res scans of important documents and have room to spare. It may also be possible to prevent hitting that threshold with quotas. And so on. Yours, -mi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E6799B4.5090603>