Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 683956 - app-crypt/bcwipe-1.9.13, app-crypt/bestcrypt-2.0.14 need mirror and bindist restriction
Summary: app-crypt/bcwipe-1.9.13, app-crypt/bestcrypt-2.0.14 need mirror and bindist r...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Crypto team [DISABLED]
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-21 12:29 UTC by Ulrich Müller
Modified: 2019-04-21 17:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ulrich Müller gentoo-dev 2019-04-21 12:29:26 UTC
The "bestcrypt" license is an EULA with a "try before you buy" approach, and it explicitly prohibits transfer "to any other system, or to another organization or individual".

Therefore, the bestcrypt should be added to the EULA license group. Also, we cannot distribute these packages via Gentoo mirrors, and both bcwipe and bestcrypt need RESTRICT="mirror bindist".

CCing releng, because bcwipe is included in admincd-amd64-20190417T214503Z.iso.
Comment 1 Hanno Böck gentoo-dev 2019-04-21 12:33:09 UTC
> because bcwipe is included in admincd-amd64-20190417T214503Z.iso

bcwipe claims to do all kinds of magic to provide a more secure deletion, with claims of being "military grade" and all kinfs of fancy algorithms.
A while ago I tried to dig a bit into such claims and the summary is that there's basically nothing behind such claims. I.e. simple shred will do just as well.

There hasn't been a single documented case where data was recovered even after a single overwrite. (shred does three by default, i.e. that's already plenty of safety margin.)
Comment 2 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2019-04-21 13:59:40 UTC
I'm in the process of dropping this package from the admin-cd specs.
The package was initially added by request.
Comment 3 Larry the Git Cow gentoo-dev 2019-04-21 15:59:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/releng.git/commit/?id=c1a4ecf6940ec28e7382bf8f957f6102a7d825b7

commit c1a4ecf6940ec28e7382bf8f957f6102a7d825b7
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-04-21 13:22:32 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-04-21 13:22:32 +0000

    Drop app-crypt/bcwipe from the admin-cd specs as it seems we can't distribuite it - bug 683956.
    
    Thanks to Ulrich Müller <ulm@gentoo.org> for pointing out the licensing issue.
    Bug: http://bugs.gentoo.org/683956
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 releases/weekly/specs/amd64/hardened/admincd-stage1-selinux.spec | 1 -
 releases/weekly/specs/amd64/hardened/admincd-stage1.spec         | 1 -
 releases/weekly/specs/x86/hardened/admincd-stage1.spec           | 1 -
 3 files changed, 3 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2019-04-21 17:54:42 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5452e13d1d27aab861a6a2cb37d2b163ef2e54d1

commit 5452e13d1d27aab861a6a2cb37d2b163ef2e54d1
Author:     Alon Bar-Lev <alonbl@gentoo.org>
AuthorDate: 2019-04-21 17:49:42 +0000
Commit:     Alon Bar-Lev <alonbl@gentoo.org>
CommitDate: 2019-04-21 17:54:27 +0000

    app-crypt/bestcrypt: add RESTRICT
    
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=683956
    Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org>
    Package-Manager: Portage-2.3.62, Repoman-2.3.11

 app-crypt/bestcrypt/bestcrypt-2.0.14.ebuild | 1 +
 1 file changed, 1 insertion(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89700a3d2fe3624c8ec3c58f5293030c060d641b

commit 89700a3d2fe3624c8ec3c58f5293030c060d641b
Author:     Alon Bar-Lev <alonbl@gentoo.org>
AuthorDate: 2019-04-21 17:47:18 +0000
Commit:     Alon Bar-Lev <alonbl@gentoo.org>
CommitDate: 2019-04-21 17:54:26 +0000

    app-crypt/bcwipe: add RESTRICT
    
    Closes: https://bugs.gentoo.org/show_bug.cgi?id=683956
    Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org>
    Package-Manager: Portage-2.3.62, Repoman-2.3.11

 app-crypt/bcwipe/bcwipe-1.9.13.ebuild | 1 +
 1 file changed, 1 insertion(+)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5900a3c46c249236a0f27284b6f75c60704da77

commit e5900a3c46c249236a0f27284b6f75c60704da77
Author:     Alon Bar-Lev <alonbl@gentoo.org>
AuthorDate: 2019-04-21 17:53:26 +0000
Commit:     Alon Bar-Lev <alonbl@gentoo.org>
CommitDate: 2019-04-21 17:54:28 +0000

    profiles/license_groups: add EULA::bestcrypt
    
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=683956
    Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org>

 profiles/license_groups | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)