Bug 999

Summary: add warning to mountloop description
Product: Mageia Reporter: Dick Gevers <dvgevers>
Component: RPM PackagesAssignee: AL13N <alien>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: alien, davidwhodgins, djmarian4u, doc-bugs, marja11, steletch, thierry.vignaud
Version: CauldronKeywords: Junior_job, USABILITY
Target Milestone: Mageia 2   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: mountloop CVE:
Status comment:

Description Dick Gevers 2011-04-26 21:08:33 CEST 
Description of problem:

A couple of years ago it was already determined at Mandriva that mountloop was considered unsafe. Now I find them still on the Mageia isos. This appears to be a security issue. Please reconsider if Mageia wants to provide them as such.

grep mountl *idx
mageia-dvd-1-Beta2-i586.idx:mountloop-0.15.4-5.mga1.i586.rpm
mageia-dvd-1-Beta2-x86_64.idx:mountloop-0.15.4-5.mga1.x86_64.rpm
Ahmad Samir 2011-04-26 23:32:35 CEST

Component: Release (media, process) => RPM Packages
Source RPM: (none) => meta-task

Comment 1 Marja Van Waes 2011-10-10 20:59:40 CEST 
@ steletch

Could you please look into this?

CC: (none) => marja11, steletch

Comment 2 Dave Hodgins 2011-10-11 00:21:21 CEST 
While it is deprecated, anyone who is using it will need the package to
access the data.

Perhaps it would be better to add a warning to the description, to
discourage anyone from using it, rather then removing it.

I used to use it, and wrote a how to, when I switched to luks.
http://www.ody.ca/~dwhodgins/Luks-Howto.html

CC: (none) => davidwhodgins

Comment 3 Marja Van Waes 2011-10-11 06:32:44 CEST 
@ Dave

Thx!
That answers the "mountloop on Mageia isos: why?" -question.

Changing the summary to "Add warning to mountloop description"

Summary: mountloop on Mageia isos: why? => Add warning to mountloop description

Comment 4 Marja Van Waes 2011-10-11 07:27:41 CEST 
USABILITY keyword added because users don't expect a package to be unsafe when it's in our repo's

Keywords: (none) => USABILITY
Source RPM: meta-task => meta-task 2-8.mga2 mountloop 0.15.4-5.mga1

Comment 5 Manuel Hiebel 2011-11-13 13:41:56 CET 
we can also remove the package from the iso, see bug 3332

Keywords: (none) => Junior_job
Source RPM: meta-task 2-8.mga2 mountloop 0.15.4-5.mga1 => mountloop

Dick Gevers 2011-12-09 18:42:43 CET

CC: (none) => doc-bugs
Target Milestone: --- => Mageia 2

Comment 6 Marja Van Waes 2012-01-07 14:03:35 CET 
(In reply to comment #5)
> we can also remove the package from the iso, see bug 3332

cc'ing Thierry, who is in the changelog of this package a lot between 2004 and 2009

@ Thierry

WDYT

CC: (none) => thierry.vignaud

Dan Joita 2012-03-07 11:19:06 CET

CC: (none) => djmarian4u
Summary: Add warning to mountloop description => add warning to mountloop description

Comment 7 Stéphane Téletchéa 2012-03-08 17:14:19 CET 
Just an update on this, yes, I "mass imported" some packages at the beginning, but this is not important to keep this one I think, so better remove it.

No idea of how doing it, though.
Comment 8 Dave Hodgins 2012-03-08 19:46:15 CET 
As per comment 2, the package is still needed for anyone who used it
in the past to set up an encrypted filesystem.

I think adding a warning that the package is deprecated to the rpm
description should be done first, with a warning that it will be
dropped in mga 3.
Comment 9 AL13N 2012-03-10 10:48:38 CET 
I added a comment and made a new release.

Can anyone doublecheck and see if this is satisfactory?

CC: (none) => alien

Comment 10 Marja Van Waes 2012-03-10 12:00:48 CET 
(In reply to comment #9)
> I added a comment and made a new release.
> 
> Can anyone doublecheck and see if this is satisfactory?

Thanks a lot AL13N :)

Do you mind putting an extra line between the paragraphs

"We strongly advise you to switch to Luks"

So then it would be:

**********

Using this package for encrypted loopback is deprecated and regarded as
unsafe. However, it's still provided for who need to access their data to
migrate their setup. Likely this package will be removed for Mageia 3.

We strongly advise you to switch to Luks

As an example, one can look at this link:
http://www.ody.ca/~dwhodgins/Luks-Howto.html .

***************

Assignee: bugsquad => alien

Comment 11 Marja Van Waes 2012-03-10 14:57:59 CET 
Just tested, mountloop-0.15.4-8.mga2.i586 has the warning from comment 10 :)

Thx, AL13N

closing as fixed

Status: NEW => RESOLVED
Resolution: (none) => FIXED