[pkg-cryptsetup-devel] Bug#626641: Bug#626641: cryptsetup: bug #587220 re-introduced

Jonas Meurer jonas at freesources.org
Sat May 14 11:47:07 UTC 2011

Hey Christoph,

On 14/05/2011 Christoph Anton Mitterer wrote:
> Withe the recent upload and its changes to the init-script you again
> introduce the meta-security hole discussed in #587220.
> I know, that policy requests that init-scripts exit gracefully in case a
> package has been removed but not purged.
> But I guess it should be quite clear to everyone that with respect to the
> intention of cryptsetup (security) and the possible effects on that... this
> is not only justifyable but also absolutely neccessary.

Sorry, I simply disagree with you that this is about a 'meta-security
hole'. In the refered bugreport (#587220) you wrote yourself:

> I guess it's not required, because if the initscripts are there, that file 
> is also there,.. unless people broke their packages manually, which we can
> never prevent or always check for.

If people 'break' their system, it will not be secure anymore. If they
either remove the cryptsetup package while it's still used on the
system, or simply remove the cryptdisks.functions file, that's a
perfectly good example of breaking their system.

Trying to support broken systems is a neverending story, and will not

And yes, as long as the cryptsetup package is installed,
/lib/cryptsetup/cryptdisks.functions will be in place.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20110514/ea69406d/attachment.pgp>

More information about the pkg-cryptsetup-devel mailing list