On Thu, Sep 11, 2014 at 04:06:06PM -0400, Harlan Lieberman-Berg wrote: > On Thu, 2014-09-11 at 19:33 +0200, Eduard Bloch wrote: > > I though Jan has just described one. For example, taking a 10 year old > > CD with backups from your safe and trying to get the data back. > > Another option would be to take the same approach that TrueCrypt did > under (potentially) the same circumstances, and allow encfs into jessie > - but only for read-only containers. That way, people can recover their > data easily, but there's no risk of perpetuating a completely broken > encryption layer. > > That'd be the best of both worlds, in my opinion.
Note that some people have encfs encrypted HOME dirs by means of things like libpam-encfs. I do not think they will enjoy having their HOME partition suddenly become RO, even if can be recovered with the new package. They should of course be warned loudly that an old encryption layer is in use, with some potential risks. Another option would be a jessie encfs-ro package conflicting with encfs, but neither providing nor replacing it, so no new volumes are created. encfs would be kept out of jessie and once fixed it would manage to replace encfs-ro. However, the drawback is that the old encryption layer would still be present in upgraded systems until fix happens and reaches a stable release. I do not have a clear opinion about what is better. Regards, -- Agustin -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
