[WireGuard] debian packaging [was: Re: The Distro Package Maintainers Thread]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Jul 2 14:38:43 CEST 2016 

On Fri 2016-07-01 17:11:26 -0400, Jason A. Donenfeld wrote:
>> drwxr-xr-x root/root         0 2016-07-01 16:32 ./usr/share/doc/wireguard-tools/examples/client-server-example/
>> -rwxr-xr-x root/root      1015 2016-07-01 16:32 ./usr/share/doc/wireguard-tools/examples/client-server-example/client.sh
>> -rwxr-xr-x root/root       779 2016-06-28 16:32 ./usr/share/doc/wireguard-tools/examples/client-server-example/server.sh
>> drwxr-xr-x root/root         0 2016-07-01 16:32 ./usr/share/doc/wireguard-tools/examples/stress-testing/
>> -rw-r--r-- root/root       580 2016-06-28 16:32 ./usr/share/doc/wireguard-tools/examples/stress-testing/badpacket.c
>> -rw-r--r-- root/root      1296 2016-06-28 16:32 ./usr/share/doc/wireguard-tools/examples/stress-testing/peg.c
>> -rwxr-xr-x root/root      1013 2016-07-01 16:32 ./usr/share/doc/wireguard-tools/examples/stress-testing/self-send.sh
>> -rwxr-xr-x root/root       909 2016-06-28 16:32 ./usr/share/doc/wireguard-tools/examples/stress-testing/threewayiperf.sh
>> -rw-r--r-- root/root       541 2016-06-28 16:32 ./usr/share/doc/wireguard-tools/examples/wgserver.service
>
> These are not examples that are worth distributing. wgserver.service
> is somewhat useful, but stress-testing/* is definitely NOT
> APPROPRIATE, and I probably should remove those from the public repo.
> client-server is a parlor trick, but if anybody actually uses them or
> anything like them in production, they'll completely undermine the
> security of wireguard, so these scripts shouldn't be used either.
> They've been nice for my own development, but I definitely don't want
> these on people's machines. If you want one example, maybe the
> .service file is okay. But please ditch the others.

I was distributing them as part of the experimental package to encourage
people to experiment with the tool.  I thought maybe it'd be useful to
get stress-testing reports from (for example) people running powerpc64
platforms or whatever.  The "parlor trick" is quite neat: clearly not
secure, but a nice quick way for people to be able to say "hey, this
things works on my platform" without needing to set up two ends of a
tunnel themselves.

i'm fine with removing them though, if you don't want them distributed.
They'll be gone in the next revision.

        --dkg

More information about the WireGuard mailing list