On 04/11/2018 01:31 AM, Christian Kujau wrote: > On Wed, 28 Mar 2018, Tyler Hicks wrote: >> I think that's a good plan. While eCryptfs has been fairly stable for >> quite some time, it is starved for maintenance attention these days as >> you've noticed with this thread. :/ > > I wonder why that is. I use ecryptfs extensively to encrypt user's home > directories, and it works just great and thanks to pam_ecryptfs almost > out-of-the-box. I always disliked the hoops one has to go through to setup > dm-crypt & PAM in a proper and sane way and ecryptfs works well enough. That's really nice to hear that it is stable and easy to use. However, its design from a filesystem perspective is complex and inefficient. The reason why it is starved for maintenance attention is mostly due to dwindling manpower as we're pretty much down to me at this point. I only have a small amount of time to tend to it due to other priorities and the fact that, in Ubuntu, we're pushing new installs of the upcoming 18.04 release to use full disk encryption rather than file based encryption. It is still available to use but not integrated into the OS installer. > What alternatives are out there? fscrypt is not quite there yet, same for > encrypted ext4. I wonder what other people use to encrypt a user's home > directory. Full disk encryption seems to be pretty popular, but is equally > tricky to set up properly. fscrypt popped onto the scene a little too late for us to commit to outright replacing eCryptfs with fscrypt in 18.04. I hope that it ages well and we make more use of it soon. > > So, thanks for keeping ecryptfs alive, I guess :-) Thanks for speaking up. It is appreciated. :) Tyler > > Christian. >
Attachment:
signature.asc
Description: OpenPGP digital signature
