On Wed, Dec 4, 2019 at 9:01 AM Roberto Ragusa <mail@xxxxxxxxxxxxxxxx> wrote:
>
> On 12/4/19 12:28 AM, Chris Murphy wrote:
>
> > I actually prefer the idea that if I'm not logged in, my data is
> > considered at rest and crypto home is locked, in contrast to how FDE
> > does it which treats my data as not at rest even though I'm not logged
> > in at all.
>
> On the other hand I would expect my cronjobs to be able to run "as me"
> even if I'm not physically present.
> This "logged in" concept coming from Windows and OS X never fits too well
> with Linux.

It's a valid use case that is being taken into account. The open question is the degree of "lock down" by default. You'd still be able to opt out of login being tied to ~/ encryption, if that is incongruent with your workflow. And you'd still be able to opt into a conventional full disk encryption scheme instead.

Other alternatives:

a. At least on ext4, you can today selectively encrypt directories and files, so you could have a non-encrypted ~/ by default, and choose what directories to encrypt. There's no GUI assistance for this yet that I'm aware of.

b. If you can clearly compartmentalize your use cases, you can have two accounts, one is encrypted and the other not.

I think the latter two put a lot of burden on the user to figure out and manage. I'm not sure there's a way for GNOME or systemd-homed to directly support such use cases, but I also don't expect it would stand in the way of user implementation of such a scheme.

-- 
Chris Murphy