On Fri, Dec 6, 2019 at 9:41 AM John M. Harris Jr <johnmh@xxxxxxxxxxxxx> wrote: > > On Friday, December 6, 2019 8:27:32 AM MST Marius Schwarz wrote: > > "Figure out intersection with current work to use the TPM to allow > > booting to GDM without entering the password." > > > > Means, if someone steals the device, he can boot a system. Even if we > > assume that the systemcode is safe and there is no way to interrupt the > > bootprocess, we are now able to attack the login, which will be much > > easier than the encryption key, which is massive compared to the > > passwords in use. > > Yeah, there are a contingent here that believe that it's not necessary to > ensure the person booting the device is actually authorized to access the > content of the laptop.. Is it your position that encrypting ~/ alone is not an incremental improvement? Are you suggesting it's necessary to assume Fedora Workstation users are subject to targeted attacks? And therefore install time default must encrypt /, /home, swap? And that this targeted attack, that applies to everyone, does not include targeted attacks on unencrypted /boot or the bootloader for reasons you refuse to elaborate on? And you propose that users should have to opt out of this, rather than opt in? > And, because it makes things "easy" for the user, I get the feeling something > like this will wind up getting implemented. Oh well. It's already implemented. There is no encryption by default. You've set up a false dilemma where the only two valid options are do nothing and do what you want. You reject all intermediate options, dismissing them out of turn without any meaningful evaluation. And that's on top of having said you are unconcerned with GNOME and don't care about the outcome. If you don't care, why are you still arguing? -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
