On Mon 01 Jul 2019 at 06:05:52 (-0400), Gene Heskett wrote:
> On Monday 01 July 2019 03:52:55 Jonathan Dowland wrote:
> > On Sun, Jun 30, 2019 at 12:45:57PM -0400, Gene Heskett wrote:
> > > At this point, I'd call it a buster delaying bug. That last is going
> > > to cost too many that can't ignore it and don't have unencrypted
> > > backups. That's going to be a lot of very bad PR.
> >
> > It's the release team's call, generally speaking, and one of the things
> > they might factor in is the size of the user-base for the troublesome
> > package. I'm surprised to find that it's extremely small according to
> > popcon data: less than 1% of reporters:
> > https://qa.debian.org/popcon.php?package=ecryptfs-utils
> >
> > Compare just two alternatives:
> >
> > encfs: 1.14% https://qa.debian.org/popcon.php?package=encfs
> > cryptsetup: 15% https://qa.debian.org/popcon.php?package=cryptsetup
>
> That does put a better light on it. From the comments so far, I was
> thinking I'm one of the few not using it. I've depended on dd-wrt
> between me and the internet for the last 16 years, and even before that
> I was on dialup and the dialup folks didn't have enough bandwidth to
> attract the black hats, so I've never been touched.

I was under the impression that these two forms of security, firewalls
and encryption, are completely orthogonal. Once you've unlocked, say,
an encrypted partition, you're now reliant on the firewall to keep
strangers out of your files. OTOH a perfect firewall is of no benefit
when your laptop is stolen.

> With all the publicity this thread has given the issue, I'll change my
> mind (as if it matters to the team :) and say adequate notice and
> mitigating paths seems to have been given. Those that are using it I'd
> call pretty advanced and are reading this list just for the notices
> given so they shouldn't be surprised. So I'll do an Andy Capp and
> shuddup.

The grey area for me is the relative benefit of encrypting file by
file compared with the whole partition. Assuming that there's just one
passphrase involved in each scenario, is more protection given by the
former method? After all, once a partition is unlocked, all users on
the system are able to read all the files, subject to the normal unix
permissions, ACLs, etc.

Cheers,
David.