Harry Putnam <rea...@newsguy.com> writes: > The Wanderer <wande...@fastmail.fm> writes: > >> On 07/08/2014 09:45 AM, Harry Putnam wrote: >> >>> How does one obtain pkgs (encfs in this case) that are not available >>> to an `aptitude' search of pkgs for jessie? >>> >>> It appears that the pkg in question (encfs) is available for wheezy. >>> >>> https://packages.debian.org/stable/encfs >>> >>> So how to get to it, without jacking up my sources.list or some other >>> pitfall? >> >> http://snapshot.debian.org/binary/encfs/ >> > > [...] > >> You might want to look into *why* this was removed from jessie, >> though... > > Good point... a little googling hasn't revealed anything definitive, > but I often seem to be using poor search terms. > > I've found comments to the effect that encfs has multiple security > issues... I did not find a clear description of what they are. > > Does anyone here know why encfs was not included in `jessie'? >
There are two bugs with severity "serious" open against encfs: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736066 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745792 encfs was removed from jessie in April because of bugs 736066, and 741810. 741810 is fixed in unstable, but that fixed package introduces bug 745792. Much detail at https://packages.qa.debian.org/e/encfs.html > Also I know there are 1 or 2 other choices to do some of the same type > of stuff... Those may be a better bet... any one able to plug for a > specific technique to accomplish this setup: > > All I really do is keep smallish (less than 2 GB) directory with the > contents encfs encrypted. > > Contents are a collection of piles of receipts, notes, licenses for > software, and any other flotsum.. I felt a need to hang onto, byt did > not want it in clear text. > > I only expect it might be enough to ward of the casual script kiddie, > that might get into my system thru my own carelessness. > I seriously do not expect to be targeted by serious black hats. -- regards, kushal
pgpzh12H7QZJv.pgp
Description: PGP signature
