FS#58559 - [gitlab][gitlab-shell] Packages shouldn't provide secret files
Attached to Project:
Community Packages
Opened by Jonas Hahnfeld (hahnjo) - Saturday, 12 May 2018, 13:19 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Sunday, 29 July 2018, 15:11 GMT
Opened by Jonas Hahnfeld (hahnjo) - Saturday, 12 May 2018, 13:19 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Sunday, 29 July 2018, 15:11 GMT
|
Details
Everyone should generate their own secrets, the packages
shouldn't provide known (= insecure) default values. This
might need documentation in the wiki.
|
This task depends upon
Closed by Sven-Hendrik Haase (Svenstaro)
Sunday, 29 July 2018, 15:11 GMT
Reason for closing: Won't fix
Additional comments about closing: These packages already have a note to the user to install a secure bytestring there. The secret files in both cases need to be there during installation and I think it makes sense to provide them in the package so that permissions are at least correct.
Sunday, 29 July 2018, 15:11 GMT
Reason for closing: Won't fix
Additional comments about closing: These packages already have a note to the user to install a secure bytestring there. The secret files in both cases need to be there during installation and I think it makes sense to provide them in the package so that permissions are at least correct.
Comment by
Sven-Hendrik Haase (Svenstaro) -
Monday, 14 May 2018, 09:15 GMT
It needs the secrets to compile/install. I suppose I could remove
them again after that is done. It's likely a sane choice to force
users to generate their own secrets. Can you make a patch for both
packages that also adds notes to the .install files which makes
users aware that this is something they have to do?