I vote in favor of this resolution on bug #329409. Thanks,
-- Raul

On 4/6/06, Steve Langasek <[EMAIL PROTECTED]> wrote:
> I'm calling for a vote on the following resolution regarding bug #329409.
...
> WHEREAS
>
> 1. It is a limitation of the current device-mapper implementation in Debian
>    that all device nodes managed by libdevmapper are created with the same
>    hard-coded ownership and permissions; and
>
> 2. The standard owning group for disk device nodes is group "disk"; and
>
> 3. The sole reason for the existence of this group on Debian systems is
>    to control access to disk devices; and
>
> 4. The majority of device-mapper nodes expose data that is already
>    available to members of the disk group via the component disks; and
>
> 5. The use of a different owning group in these cases therefore makes
>    accessing the data more inconvenient but not more secure; and
>
> 6. The exception to the above is dm-crypt, whereby device-mapper nodes
>    expose data that is not available in unencrypted form from the
>    component disks; and
>
> 7. No single owning group satisfies all possible use cases for
>    device-mapper; but
>
> 8. Users of dm-crypt have the option of not adding users to the disk
>    group that they do not wish to have access to their unencrypted
>    dm-crypt volumes;
>
> THE TECHNICAL COMMITTEE:
>
> 9. THANKS Bastian Blank for his continued maintenance of the devmapper
>    package in Debian; and
>
> 10. ALSO THANKS Roger Leigh for bringing this issue before the
>     committee; and
>
> 11. ENCOURAGES the devmapper maintainer to work towards support for
>     configurable device-mapper device permissions in Debian; and
>
> 12. DETERMINES that the correct default permissions for all device-mapper
>     nodes is root:disk 0660, with or without support for configurable device
>     permissions; and
>
> 13. ASKS (with a 3:1 majority: REQUIRES) the devmapper maintainer to
>     implement these permissions in unstable by applying Roger Leigh's
>     patch from
>     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329409;msg=87;att=0;
>     and
>
> 14. RECOMMENDS policy be updated to reflect this determination on
>     default block device permissions; and
>
> 15. AUTHORIZES Roger to implement these same permissions in stable via a
>     non-maintainer upload.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iD8DBQFENNiIKN6ufymYLloRAs3kAKCGhP1weIjzn+hWZxEtDAnkK7r/iwCfdZtN
> VPGy1yLpvWx9TFK44xWjbIg=
> =Z3ZQ
> -----END PGP SIGNATURE-----

