On Thu, Dec 5, 2019 at 4:03 AM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote: > With FDE running and "Suspend-to-disk" selected in your screensafer > settings, you get asked for your password on hw wakeup before your > system gets back running. If someone wants to use such things, he > already can. FDE depends on initramfs and plymouth to present the UI for volume unlock passphrase. That stack is limited, and presents numerous UI/UX, a11y, i18n, and other problems , that must be considered in the evaluation to enable it by default. And that is the context, how to better secure user data by default. The mandate is not to make it perfect. It's to do better. > Where is the advantage of homed, considering, that only encrypting > /home, is a major security flaw by itself. All your goals are already > there and it's more useful and secure too :) I really have a problem > understanding why you wanne implement a security flaw and call it "better". Please read "LUKS by default" https://pagure.io/fedora-workstation/issue/82 If you read the whole thing, you should come to understand why the initial agreement to implement full disk encryption was suspended, and also that this issue has a history proving it is being taken seriously and deliberately. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
