On Monday 01 July 2019 09:33:35 David Wright wrote: > On Mon 01 Jul 2019 at 06:05:52 (-0400), Gene Heskett wrote: > > On Monday 01 July 2019 03:52:55 Jonathan Dowland wrote: > > > On Sun, Jun 30, 2019 at 12:45:57PM -0400, Gene Heskett wrote: > > > >At this point, I'd call it a buster delaying bug. That last is > > > > going to cost too many that can't ignore it and don't have > > > > unencrypted backups. Thats going to be a lot of very bad PR. > > > > > > It's the release teams call, generally speaking, and one of the > > > things they might factor in is the size of the user-base for the > > > troublesome package. I'm surprised to find that it's extremely > > > small according to popcon data: less than 1% of reporters: > > > https://qa.debian.org/popcon.php?package=ecryptfs-utils > > > > > > Compare just two alternatives: > > > > > > encfs: 1.14% https://qa.debian.org/popcon.php?package=encfs > > > cryptsetup: 15% > > > https://qa.debian.org/popcon.php?package=cryptsetup > > > > That does put a better light on it. From the comments so far, I was > > thinking I'm one of the few not using it. I've depended on dd-wrt > > between me and the internet for the last 16 years, and even before > > that I was on dialup and the dialup folks didn't have enough > > bandwidth to attract the black hats, so I've never been touched. > > I was under the impression that these two forms of security, firewalls > and encryption, are completely orthogonal. Once you've unlocked, say, > an encrypted partition, you're now reliant on the firewall to keep > strangers out of your files. OTOH a perfect firewall is of no benefit > when your laptop is stolen. > > > With all the publicity this thread has given the issue, I'll change > > my mind (as if it matters to the team :) and say adequate notice and > > mitigating paths seems to have been given. Those that are using it > > I'd call pretty advanced and are reading this list just for the > > notices given so they shouldn't be surprised. So I'll do an Andy > > Capp and shuddup. > > The grey area is for me is the relative benefit of encrypting file by > file compared with the whole partition. Assuming that there's just one > passphrase involved in each scenario, is more protection given by the > former method? After all, once a partition is unlocked, all users on > the system are able to read all the files, subject to the normal unix > permissions, ACLs, etc. > > Cheers, > David.
Whole filesystem encryption would be a total non-starter for me. File by file with different passwd's according to whats in the file would make far more sense to me. Thats my $0.02. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis Genes Web page <http://geneslinuxbox.net:6309/gene>