Debian Bug report logs - #730439
ITP: ori -- a secure distributed file system

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: "Edward Z. Yang" <ezyang@cs.stanford.edu>

Date: Mon, 25 Nov 2013 02:33:01 UTC

Owned by: "Edward Z. Yang" <ezyang@cs.stanford.edu>

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org, wnpp@debian.org:
Bug#730439; Package wnpp. (Mon, 25 Nov 2013 02:33:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Edward Z. Yang" <ezyang@cs.stanford.edu>:
New Bug report received and forwarded. Copy sent to debian-devel@lists.debian.org, wnpp@debian.org. (Mon, 25 Nov 2013 02:33:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Edward Z. Yang" <ezyang@cs.stanford.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ITP: ori -- a secure distributed file system
Date: Sun, 24 Nov 2013 18:18:11 -0800
Package: wnpp
Severity: wishlist
Owner: "Edward Z. Yang" <ezyang@cs.stanford.edu>

* Package name    : ori
  Version         : 0.8.0
  Upstream Author : Ori Developers <orifs-devel@lists.stanford.edu>
* URL             : http://ori.scs.stanford.edu/
* License         : MIT/X
  Programming Lang: C++
  Description     : a secure distributed file system

Ori is a distributed file system built for offline operation and control
over synchronization operations and conflict resolution. It provides
history through lightweight snapshots and allow users to verify the
history has not been tampered with.  Through the use of replication,
instances can be resilient and recover damaged data from other nodes.



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, "Edward Z. Yang" <ezyang@cs.stanford.edu>:
Bug#730439; Package wnpp. (Mon, 25 Nov 2013 09:36:28 GMT) Full text and rfc822 format available.

Acknowledgement sent to intrigeri <intrigeri@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, "Edward Z. Yang" <ezyang@cs.stanford.edu>. (Mon, 25 Nov 2013 09:36:28 GMT) Full text and rfc822 format available.

Message #10 received at 730439@bugs.debian.org (full text, mbox):

From: intrigeri <intrigeri@debian.org>
To: "Edward Z. Yang" <ezyang@cs.stanford.edu>
Cc: 730439@bugs.debian.org
Subject: Re: Bug#730439: ITP: ori -- a secure distributed file system
Date: Mon, 25 Nov 2013 10:35:35 +0100
Hi,

>   Description     : a secure distributed file system

I find it always scary to see people advertise some software as
"secure", especially without specifying what threat model it is about.
Security is not a boolean, and something that's secure in a given
threat model may be totally unsafe in another one.

Perhaps the package description could be a bit more humble on this
side, and instead of "secure", express in a few words the kind of
security that is offered?

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, "Edward Z. Yang" <ezyang@cs.stanford.edu>:
Bug#730439; Package wnpp. (Mon, 25 Nov 2013 09:51:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Edward Z. Yang <ezyang@cs.stanford.edu>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, "Edward Z. Yang" <ezyang@cs.stanford.edu>. (Mon, 25 Nov 2013 09:51:10 GMT) Full text and rfc822 format available.

Message #15 received at 730439@bugs.debian.org (full text, mbox):

From: Edward Z. Yang <ezyang@cs.stanford.edu>
To: intrigeri <intrigeri@debian.org>
Cc: 730439 <730439@bugs.debian.org>
Subject: Re: Bug#730439: ITP: ori -- a secure distributed file system
Date: Mon, 25 Nov 2013 01:46:53 -0800
Sure; I just copied the tagline from the website.  The basic security
guarantees Ori gives is that all of the files that are replicated are
cryptographically hashed with SHA-256, so if a node knows the hash of a
file, it can verify that it actually got the file after doing some sort
of fetch. (Just like Git.)  That's not so easy to put in the tagline.
Perhaps:

    Description : a distributed file system inspired by version control systems

Edward

Excerpts from intrigeri's message of 2013-11-25 01:35:35 -0800:
> Hi,
> 
> >   Description     : a secure distributed file system
> 
> I find it always scary to see people advertise some software as
> "secure", especially without specifying what threat model it is about.
> Security is not a boolean, and something that's secure in a given
> threat model may be totally unsafe in another one.
> 
> Perhaps the package description could be a bit more humble on this
> side, and instead of "secure", express in a few words the kind of
> security that is offered?
> 
> Cheers,



Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:55:18 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.