
pkg/MESSAGE for security/gnupg



Hi,

After almost 3 weeks without an answer from the gnupg maintainer, I thought I would post this message here.

Now that the "vm.swapencrypt.enable" sysctl is on by default, I think the pkg/MESSAGE should be changed.

I included a sample diff for that...
What do you think?

Regards,

Antoine
--- pkg/MESSAGE.orig	Sat Oct 29 16:03:14 2005
+++ pkg/MESSAGE	Sat Oct 29 16:04:16 2005
@@ -1,16 +1,6 @@
-
 The manpage of GnuPG mentions the need for memory page locking.
-In fact this is not needed as OpenBSD supports swap file encryption.
-
-You can
-
-- enable memory page locking for non-root users if you set the setuid
-  bit for the gpg binary (most likely 'chmod u+s ${PREFIX}/bin/gpg').
-
-- enable swap encryption by setting vm.swapencrypt.enable=1 with
-  sysctl(8). This is recommended.
-
-In the latter case you may want to get rid of the misleading 'using
-insecure memory' warning. Just put 'no-secmem-warning' to your
-~/.gnupg/gpg.conf file or use gpg with the --no-secmem-warning switch.
-
+In fact this is not needed as OpenBSD enables swap file encryption by
+default in /etc/sysctl.conf.
+However, you may want to get rid of the misleading 'using insecure
+memory' warning. Just put 'no-secmem-warning' to your ~/.gnupg/gpg.conf
+file or use gpg with the --no-secmem-warning switch.
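
Review bot: the added sentence "OpenBSD enables swap file encryption by default in /etc/sysctl.conf" is stated as a guarantee, while the same hunk deletes the only mention of vm.swapencrypt.enable and sysctl(8). A user whose /etc/sysctl.conf does not match the default would follow the advice to set 'no-secmem-warning' and silence the warning while swap is unencrypted. Suggest keeping one sentence that names the knob, for example "Check with sysctl(8) that vm.swapencrypt.enable is 1 before disabling the warning." Minor wording point in the last added lines: "put 'no-secmem-warning' to your ~/.gnupg/gpg.conf file" reads better as "in your".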
