james hughes wrote:
Not to add a cold blanket to this...
This would be mostly a "vanity erase" not really a serious "security
erase" since it will not over write the remnants of remapped sectors.
Indeed and as you said there is other software to deal with this for
those types of customers that need that. There are also physical
destruction methods as well.
This is intended as a defense in depth measure and also a sufficiently
good measure for the customers that don't need full compliance with NIST
like requirements that need degausing or physical destruction.
It is intended to make customers more comfortable about handing disks
back to their vendor.
Today we need to manually run format(1M)'s analyze/purge for that.
Are you saying that you don't think this is sufficiently useful that we
should implement this in ZFS or are you just pointing out that for a
some security policies this is not enough ?
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
