Re: Questions about encrypting user homes by default

On Mon, Sep 23, 2019 at 12:17 am, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
My working assumption is that g-i-s and Users panel need to grow the
ability to present appropriate interface for per user encryption;
maybe that could be as simple as an "encrypt" checkbox at user
creation time, ticked by default.

Does it really need to be optional? What would be a Workstation use-case for disabling homedir encryption?

1. How to handle Anaconda vs GNOME encryption features?
a. It's not apparent that the two offerings differ, how they differ,
that they can be combined, that combining them has consequences.
b. In the Installation Destination spoke, "Encrypt my data" is visible
and unchecked by default. It could be construed as user home only
encryption. It is, however, full disk encryption (minus /boot).
c. If user chooses this option in the installer, now what? Do not
enable or even present the GNOME encryption features? Or double
encrypt?
d. Alternatively, does it get renamed to better indicate it's full
disk encryption? Or remove it entirely?

Remove it entirely from the simple installation path at least. This is important because it doesn't meet our requirements for internationalization so we don't want non-expert users to use it once we have home encryption working. Perhaps hide it away under advanced partitioning.

If the user enables LUKS anyway, then double encryption seems fine to me. That's not an installation path we need to expect or optimize for.

2. Consequences of an fscrypt/ext4 only solution
a. Users choosing anything other than ext4 not only don't get user
home encrypted by default, they can't opt into what we're initially
proposing.
b. In some sense it diminishes the message that privacy of user data
is important, because it comes with a "only if you pick ext4" catch.
c. How would the user be informed of a & b (goes back to #1).

I think we really only need to make sure the default path leads to a good result. Switching filesystem away from ext4 is something only expert users will attempt to do, and that can only be done using advanced partitioning anyway. Expert users can live with the consequences of their choices. Let's focus on making sure the simple installation path works well.

Michael
