X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/5ff5e6589e2b702516cb11c37e91ed69ad4eae8a..2ee993fe2cade668f8047f37ee223430775e3a38:/debian/catacomb-bin.templates

diff --git a/debian/catacomb-bin.templates b/debian/catacomb-bin.templates
new file mode 100644
index 0000000..d4fb741
--- /dev/null
+++ b/debian/catacomb-bin.templates
@@ -0,0 +1,14 @@
+Template: catacomb-bin/pixie-is-setuid
+Type: boolean
+Default: true
+Description: Install pixie setuid-root?
+ Catacomb provides a `passphrase pixie' which prompts for passphrases
+ (either on its terminal or using an external command) and remembers them
+ for a configurable period of time.
+ .
+ For added security, the pixie can ensure that the memory it uses for
+ passphrases is not swapped to disk.  To do this, it must be installed
+ setuid root.  While the pixie has been carefully written so that this
+ shouldn't be a security problem -- it allocates a small amount of memory,
+ marks it as unswappable and then drops privileges immediately -- it may
+ make some administrators nervous, so you have the option.