Summary: | app-crypt/bcwipe-1.9.13, app-crypt/bestcrypt-2.0.14 need mirror and bindist restriction | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Ulrich Müller <ulm> |
Component: | Current packages | Assignee: | Crypto team [DISABLED] <crypto+disabled> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | licenses, releng |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Ulrich Müller
2019-04-21 12:29:26 UTC
> because bcwipe is included in admincd-amd64-20190417T214503Z.iso
bcwipe claims to do all kinds of magic to provide a more secure deletion, with claims of being "military grade" and all kinfs of fancy algorithms.
A while ago I tried to dig a bit into such claims and the summary is that there's basically nothing behind such claims. I.e. simple shred will do just as well.
There hasn't been a single documented case where data was recovered even after a single overwrite. (shred does three by default, i.e. that's already plenty of safety margin.)
I'm in the process of dropping this package from the admin-cd specs. The package was initially added by request. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/releng.git/commit/?id=c1a4ecf6940ec28e7382bf8f957f6102a7d825b7 commit c1a4ecf6940ec28e7382bf8f957f6102a7d825b7 Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> AuthorDate: 2019-04-21 13:22:32 +0000 Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> CommitDate: 2019-04-21 13:22:32 +0000 Drop app-crypt/bcwipe from the admin-cd specs as it seems we can't distribuite it - bug 683956. Thanks to Ulrich Müller <ulm@gentoo.org> for pointing out the licensing issue. Bug: http://bugs.gentoo.org/683956 Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> releases/weekly/specs/amd64/hardened/admincd-stage1-selinux.spec | 1 - releases/weekly/specs/amd64/hardened/admincd-stage1.spec | 1 - releases/weekly/specs/x86/hardened/admincd-stage1.spec | 1 - 3 files changed, 3 deletions(-) The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5452e13d1d27aab861a6a2cb37d2b163ef2e54d1 commit 5452e13d1d27aab861a6a2cb37d2b163ef2e54d1 Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2019-04-21 17:49:42 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2019-04-21 17:54:27 +0000 app-crypt/bestcrypt: add RESTRICT Closes: https://bugs.gentoo.org/show_bug.cgi?id=683956 Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 app-crypt/bestcrypt/bestcrypt-2.0.14.ebuild | 1 + 1 file changed, 1 insertion(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89700a3d2fe3624c8ec3c58f5293030c060d641b commit 89700a3d2fe3624c8ec3c58f5293030c060d641b Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2019-04-21 17:47:18 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2019-04-21 17:54:26 +0000 app-crypt/bcwipe: add RESTRICT Closes: https://bugs.gentoo.org/show_bug.cgi?id=683956 Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 app-crypt/bcwipe/bcwipe-1.9.13.ebuild | 1 + 1 file changed, 1 insertion(+) Additionally, it has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5900a3c46c249236a0f27284b6f75c60704da77 commit e5900a3c46c249236a0f27284b6f75c60704da77 Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2019-04-21 17:53:26 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2019-04-21 17:54:28 +0000 profiles/license_groups: add EULA::bestcrypt Bug: https://bugs.gentoo.org/show_bug.cgi?id=683956 Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org> profiles/license_groups | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) |