Description of problem: A couple of years ago it was already determined at Mandriva that mountloop was considered unsafe. Now I find them still on the Mageia isos. This appears to be a security issue. Please reconsider if Mageia wants to provide them as such. grep mountl *idx mageia-dvd-1-Beta2-i586.idx:mountloop-0.15.4-5.mga1.i586.rpm mageia-dvd-1-Beta2-x86_64.idx:mountloop-0.15.4-5.mga1.x86_64.rpm
Component: Release (media, process) => RPM PackagesSource RPM: (none) => meta-task
@ steletch Could you please look into this?
CC: (none) => marja11, steletch
While it is deprecated, anyone who is using it will need the package to access the data. Perhaps it would be better to add a warning to the description, to discourage anyone from using it, rather then removing it. I used to use it, and wrote a how to, when I switched to luks. http://www.ody.ca/~dwhodgins/Luks-Howto.html
CC: (none) => davidwhodgins
@ Dave Thx! That answers the "mountloop on Mageia isos: why?" -question. Changing the summary to "Add warning to mountloop description"
Summary: mountloop on Mageia isos: why? => Add warning to mountloop description
USABILITY keyword added because users don't expect a package to be unsafe when it's in our repo's
Keywords: (none) => USABILITYSource RPM: meta-task => meta-task 2-8.mga2 mountloop 0.15.4-5.mga1
we can also remove the package from the iso, see bug 3332
Keywords: (none) => Junior_jobSource RPM: meta-task 2-8.mga2 mountloop 0.15.4-5.mga1 => mountloop
CC: (none) => doc-bugsTarget Milestone: --- => Mageia 2
(In reply to comment #5) > we can also remove the package from the iso, see bug 3332 cc'ing Thierry, who is in the changelog of this package a lot between 2004 and 2009 @ Thierry WDYT
CC: (none) => thierry.vignaud
CC: (none) => djmarian4uSummary: Add warning to mountloop description => add warning to mountloop description
Just an update on this, yes, I "mass imported" some packages at the beginning, but this is not important to keep this one I think, so better remove it. No idea of how doing it, though.
As per comment 2, the package is still needed for anyone who used it in the past to set up an encrypted filesystem. I think adding a warning that the package is deprecated to the rpm description should be done first, with a warning that it will be dropped in mga 3.
I added a comment and made a new release. Can anyone doublecheck and see if this is satisfactory?
CC: (none) => alien
(In reply to comment #9) > I added a comment and made a new release. > > Can anyone doublecheck and see if this is satisfactory? Thanks a lot AL13N :) Do you mind putting an extra line between the paragraphs "We strongly advise you to switch to Luks" So then it would be: ********** Using this package for encrypted loopback is deprecated and regarded as unsafe. However, it's still provided for who need to access their data to migrate their setup. Likely this package will be removed for Mageia 3. We strongly advise you to switch to Luks As an example, one can look at this link: http://www.ody.ca/~dwhodgins/Luks-Howto.html . ***************
Assignee: bugsquad => alien
Just tested, mountloop-0.15.4-8.mga2.i586 has the warning from comment 10 :) Thx, AL13N closing as fixed
Status: NEW => RESOLVEDResolution: (none) => FIXED