Hi. In earlier days I'd have had definitely some interesting in helping with cryptsetup, especially making it "mightier" and "hardening" it. Which is not to be confused with the wish in taking maintenance overs as you do good work in many areas....
I guess you remember things or general design principles I've always proposed like: - rather failing / throwing errors than doing things that could potentially allow attacks - be as strict as possible in all places (for security reasons) - adding extensive documentation, especially in places where things might not be obvious and dangerous if future developers remove or change something. - rework all keyscripts, especially making them mightier towards fully supporting encrypted root-fs, key material on external media, etc. - overwork configuration framwork, or better "standardise" one that all keyscripts have to conform to - make key scripts work, that depend on /usr/* stuff, which currently fail - eventually add new key scripts However, I guess it makes no sense to re-iterate old discussion points which we could no agree on in the past... Nevertheless I guess I just like to say that anybody that would be willing to help will probably bring in similar or other interfering ideas like those.... and it will be therefore difficult to get help if not willing to accept such new ways. Which would be very bad IMHO, as cryptsetup is probably very important for many people, already. And I guess it's especially important for them to have it (as they probably already trust Debian) take care on all hidden and tricky pitfals one encounters with encryption (things like this LABEL "attack" I've described earlier). Cheers, Chris. -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5f4ba55f42a6f0aa9c27acbfd8828...@imap.dd24.net
