[crux-devel] meeting notes & next IRC Meeting

Anton cbou at mail.ru
Wed May 31 23:23:50 UTC 2006


On Wed, May 31, 2006 at 08:52:50PM +0200, Daniel Mueller wrote:
> Besides of the fact that you will get the possibility to join a corporate 
> network with centralized password management, imagine the following scenario:
> 
> You've got a brand-new laptop. Your new laptop has the disadvantage of being a 
> popular object of desire for pilferers. The harddisk contains most likely 
> private data (e.g. nude pics of your girlfriend). It's a good idea to encrypt 
> those private files. I hear you saying "Bah, no problem, I don't need PAM for 
> this". Okay; you would probably create some container files in your home 
> directory and mount them if needed. Now let's imagine the thief is a smart 
> one and he's looking for tracks in your home directory 
> (.bash_history, .kde/*, .gnome/*, thumbails/*  ..). 
> With PAM (pam_mount) it's possible to mount encrypted filesystems during the 
> logon session. That means you could encrypt your whole home directory and 
> mount it automaticlly during login. After you've logged out, PAM will unmount 
> it for you.
> 
> Of course, you could do the same in some different ways (Many roads lead to 
> Rome).. It was just an example of PAM's numerous capabilities. At the moment 
> I'm enjoying little goodies like xauth forwarding when using su(1). (You may 
> know this message: Xlib: connection to ":0.0" refused by server)

Daniel, thank you for detailed explanation. That is impressive. Though
I do not plan to use these features myself in near future.

Anyway, there is the way to make happy both sides, those who like PAM and
those who don't. It is... Subversion! Yeah, really. Why not make svn as
default ports driver? Everybody can make their changes as they like.
There may be some user contributed make-crux-PAMless.patch for every release.

Changes do not disappear when you are updating ports.

I use svn driver a long time, without any problems. And I have upgraded
crux-2.1 to crux-2.2 using `svn diff core/ > ~/core.diff' and
`svn diff opt/ > ~/opt.diff'. That was piece of cake, and I get back
configure flags that *I* like, just by patching core and opt.

Though, if svn driver will be default, then `ports -u' action must also
check for conflicts and warn about them (that is easy to implement using
`svn status | grep').

IMHO, that resolves all contests about default configure flags, without
any harm.

	Good luck,

-- Anton (irc: bd2)

p.s. Please, announce here when you are planning to discuss ideas about
pkgtools rewrite, attributes, e.t.c. I have some thoughts about it.
(Shortly: I do not like idea of attributes in /var/lib/pkg/db, but I do
like idea[1] that Oleksiy Khilkevich proposed, i.e. put whole Pkgfile
and related files into binary package. Simple, without complexity.
Everybody happy.)

Just my 2 cents.

[1] http://lists.crux.nu/pipermail/crux-devel/2006-April/001672.html




More information about the crux-devel mailing list