The "bestcrypt" license is an EULA with a "try before you buy" approach, and it explicitly prohibits transfer "to any other system, or to another organization or individual". Therefore, the bestcrypt should be added to the EULA license group. Also, we cannot distribute these packages via Gentoo mirrors, and both bcwipe and bestcrypt need RESTRICT="mirror bindist". CCing releng, because bcwipe is included in admincd-amd64-20190417T214503Z.iso.
> because bcwipe is included in admincd-amd64-20190417T214503Z.iso bcwipe claims to do all kinds of magic to provide a more secure deletion, with claims of being "military grade" and all kinfs of fancy algorithms. A while ago I tried to dig a bit into such claims and the summary is that there's basically nothing behind such claims. I.e. simple shred will do just as well. There hasn't been a single documented case where data was recovered even after a single overwrite. (shred does three by default, i.e. that's already plenty of safety margin.)
I'm in the process of dropping this package from the admin-cd specs. The package was initially added by request.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/releng.git/commit/?id=c1a4ecf6940ec28e7382bf8f957f6102a7d825b7 commit c1a4ecf6940ec28e7382bf8f957f6102a7d825b7 Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> AuthorDate: 2019-04-21 13:22:32 +0000 Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> CommitDate: 2019-04-21 13:22:32 +0000 Drop app-crypt/bcwipe from the admin-cd specs as it seems we can't distribuite it - bug 683956. Thanks to Ulrich Müller <ulm@gentoo.org> for pointing out the licensing issue. Bug: http://bugs.gentoo.org/683956 Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org> releases/weekly/specs/amd64/hardened/admincd-stage1-selinux.spec | 1 - releases/weekly/specs/amd64/hardened/admincd-stage1.spec | 1 - releases/weekly/specs/x86/hardened/admincd-stage1.spec | 1 - 3 files changed, 3 deletions(-)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5452e13d1d27aab861a6a2cb37d2b163ef2e54d1 commit 5452e13d1d27aab861a6a2cb37d2b163ef2e54d1 Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2019-04-21 17:49:42 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2019-04-21 17:54:27 +0000 app-crypt/bestcrypt: add RESTRICT Closes: https://bugs.gentoo.org/show_bug.cgi?id=683956 Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 app-crypt/bestcrypt/bestcrypt-2.0.14.ebuild | 1 + 1 file changed, 1 insertion(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89700a3d2fe3624c8ec3c58f5293030c060d641b commit 89700a3d2fe3624c8ec3c58f5293030c060d641b Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2019-04-21 17:47:18 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2019-04-21 17:54:26 +0000 app-crypt/bcwipe: add RESTRICT Closes: https://bugs.gentoo.org/show_bug.cgi?id=683956 Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 app-crypt/bcwipe/bcwipe-1.9.13.ebuild | 1 + 1 file changed, 1 insertion(+) Additionally, it has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5900a3c46c249236a0f27284b6f75c60704da77 commit e5900a3c46c249236a0f27284b6f75c60704da77 Author: Alon Bar-Lev <alonbl@gentoo.org> AuthorDate: 2019-04-21 17:53:26 +0000 Commit: Alon Bar-Lev <alonbl@gentoo.org> CommitDate: 2019-04-21 17:54:28 +0000 profiles/license_groups: add EULA::bestcrypt Bug: https://bugs.gentoo.org/show_bug.cgi?id=683956 Signed-off-by: Alon Bar-Lev <alonbl@gentoo.org> profiles/license_groups | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)