On Thu, 2006-03-23 at 22:50 -0800, Panu Matilainen wrote: > We have a corporate policy requiring encryption of the *entire* disk > (obviously /boot is an exception), not just /home. It may be a bit > extreme but if you start encrypting stuff, /tmp, /var and swap are an > absolute must to cover as well, otherwise you'll be leaking company > secrets you viewed as mail attachmets to unencrypted /tmp etc. > > Oh btw, obviously there is a performance hit to encrypting everything but > it's nowhere near as bad as one would think, in fact is almost > unnoticeable on normal use. Sure, when running a fully encrypted system > and testing another installation inside VMware which is also encrypting > the disk it things start to get <cough> a little <cough> sluggish ;) > > Anyway, it would be very very nice to finally have fs encryption directly > supported in FC. Just so there's no confusion: I'm all for it being supported. I'm just not for it being the default. -sv
