Re: Questions about encrypting user homes by default

On Mon, Sep 23, 2019 at 7:27 AM Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote:
>
>
>
> On Mon, Sep 23, 2019 at 12:17 am, Chris Murphy
> <lists@xxxxxxxxxxxxxxxxx> wrote:
> > My working assumption is that g-i-s and Users panel need to grow the
> > ability to present appropriate interface for per user encryption;
> > maybe that could be as simple as an "encrypt" checkbox at user
> > creation time, ticked by default.
>
> Does it really need to be optional? What would be a Workstation
> use-case for disabling homedir encryption?

Plausibly a preference for performance or simplicity over privacy?

Is there a use case for installing Fedora Workstation, subsequently
installing another DE, and switching between them and using the same
user home?

Do users expect remote ssh connections, without having first logged
into the computer itself? i.e. with ~/.ssh encrypted and no session
key yet, sshd can't read ~/.ssh/known_hosts or ~/.ssh/authorized_keys.

Other interoperability concerns?


> > 1. How to handle Anaconda vs GNOME encryption features?
> > a. It's not apparent that the two offerings differ, how they differ,
> > that they can be combined, that combining them has consequences.
> > b. In the Installation Destination spoke, "Encrypt my data" is visible
> > and unchecked by default. It could be construed as user home only
> > encryption. It is, however, full disk encryption (minus /boot).
> > c. If user chooses this option in the installer, now what? Do not
> > enable or even present the GNOME encryption features? Or double
> > encrypt?
> > d. Alternatively, does it get renamed to better indicate it's full
> > disk encryption? Or remove it entirely?
>
> Remove it entirely from the simple installation path at least. This is
> important because it doesn't meet our requirements for
> internationalization so we don't want non-expert users to use it once
> we have home encryption working. Perhaps hide it away under advanced
> partitioning.


I can't remember what replaces productimg in Anaconda, but we'll need
a way for other editions, spins, remixes to pick their own behavior
here. I'm not sure if this has already been done with this particular
checkbox.


--
Chris Murphy
_______________________________________________
desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx



