Note: Initially sent to David off list, he asked me to reply to the list. David,
Thanks for your response! I'm replying privately intentionally for various reasons -- I may summarize some of this on list at some point. On Tuesday, December 22, 2020 07:20:39 PM David Christensen wrote: > Thank you for offering to improve Debian documentation. :-) You're welcome, but I wasn't making a general offer to improve documentation, just to fix something that I thought was misleading. And, I have a little trouble understanding what you are suggesting. Keep reading. Aside: Maybe I should explain why I was reading (some of) that wiki page: I need to setup a few encrypted partitions for backup of some encrypted data (currently backed up in only one place, on the same computer). So I have an interest in (better) learning how to set up LUKS partitions (without regard to LVM). But, I've also been curious about LVM (without much intention of using it) -- when I started skimming the LVM wiki page and found the stuff on LUKS I decided that would be worth reading in view of my first interest (LUKS). Further / farther aside: The secondary interest in LVM was sparked by some clues in the ongoing thread(s) on debian-user that pointed to (or lead me to) some gotchas that, if I were to start using LVM I'd want to be very aware of (for instance, that adding a partition to an LVM wipes out any data on that partition. > I agree that the content of "LVM" Debian Wiki page "Encrypted LVM" > section could use some improvement. > > > AIUI backing up aLinux Unified Key Setup (LUKS) header will save a copy > of the metadata for a LUKS volume, which includes secure hashes of the > passphrases (and/or keys) used to access the contents (such as a Linux > Volume Manager (LVM) volume). As I was reading parts of that wiki page again (again in the LUKS section) I started to realize that (to me) the more important thing (rather than creating backup passwords) is creating a backup of the LUKS header. I guess that is what you are suggesting. (Again, I might, or might not revise the wiki to say that, if that is your point. If that is not your point, I need some amplification.) > So, while "Backup passwords" -> "Step" -> > 2.1 and "Restore password" -> 1.1 may describe useful system > administration procedures, these subsections have conceptual and > technical issues. Well, except for the one discussed previous to this sentence, I don't know what they are -- I might be interested in learning what they are, but not sure I'm interested in rewriting the document to reflect them more correctly. > The subjects of multiple passphrases and/or keys for encrypted items > (volumes, filesystems, directories, files, etc.) and disaster > preparedness/ recovery of encrypted volumes and/or containers are > related, but different. Regarding the first subject and LUKS, I would > expect the first to appear on a wiki page for "LUKS" (which does not > appear to exist). Yeah, I guess I can see that perhaps some of the discussion of LUKS on this page could / should be moved to a page specifically on LUKS, or as you mention below, to a wiki page on BackupAndRecovery. Again, I'm probably not ready to do that (although to a certain extent I do enjoy writing and spend too much time doing (or trying) to do it. > The latter subject for LUKS could be a useful > addition to the "BackupAndRecovery" wiki page: > > https://wiki.debian.org/BackupAndRecovery > > > David