Some downstream configurations do not store secrets in the
early (loader/static) environments and desire a way to preserve these
for diagnostic reasons. Provide an option to do so.
Details
Details
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
sys/conf/options | ||
---|---|---|
1025 | Given there's only a single option, I don't know that we need this single-line header. I don't really anticipate a large number of kenv options that warrant a header. | |
1029 | I would drop "theoretically" as it's too dismissive. One could perhaps say, "potentially" but that's only slightly better. If we wanted to provide a caveat I think the caveat should explain which situations aren't insecure. For example, something like "This option is insecure except in controlled environments where the static environment's contents are known to be safe." |