On Friday, December 6, 2019 3:22:48 PM MST Chris Murphy wrote:
> Is it your position that encrypting ~/ alone is not an incremental
> improvement? Are you suggesting it's necessary to assume Fedora
> Workstation users are subject to targeted attacks? And therefore
> install time default must encrypt /, /home, swap? And that this
> targeted attack, that applies to everyone, does not include targeted
> attacks on unencrypted /boot or the bootloader for reasons you refuse
> to elaborate on? And you propose that users should have to opt out of
> this, rather than opt in?

There's a lot to unpack here, so let me break this down.

Encrypting $HOME would certainly be "an incremental improvement", but it shouldn't be done unless the user chooses to do it, and it probably shouldn't be done using the same passphrase they use for their user account. That should be up to the user to decide, of course. If they want to use the same passphrase, far be it from me to attempt to stop them.

A much better solution would be to push users towards giving full disk encryption a try. I'd recommend doing this by a prompt during partitioning that has no default option, but is simply a "Yes" or "No" as to whether or not they want it encrypted, when using default automatic partitioning.

/boot should also be encrypted. I have never said otherwise.

I believe I've already answered the question as to "opt out of this, rather than opt in", but I'll make that a bit more verbose. I don't believe that either should be forced upon the user. It's an important decision, and one which should be made by the user, not by somebody else that thinks they know best. There are some that argue that more options make the installation "harder" or a "worse experience". I'd argue that those people are understating the value of these important options.

> It's already implemented. There is no encryption by default.

That's not what I was referring to. That was in reference to the use of keys stored on a TPM to automatically decrypt the system at boot time.

> You've set up a false dilemma where the only two valid options are do
> nothing and do what you want.

I've not said anything which would indicate that to be the case, nor do I believe I have all of the answers. I've never stated that there are only two valid options. I've only stated that some things which have been suggested are not valid options, and I've attempted to provide ideas for potential solutions. That's the end goal, collaborative suggestions leading to the best potential solution.

> You reject all intermediate options, dismissing them out of turn without any
> meaningful evaluation.

Do you have an example of this? I don't believe that's the case. If you're referring to systemd-homed, there are a myriad of issues with it, which I and others have brought up in this thread and elsewhere.

> And that's on top of having said you are unconcerned with GNOME and don't
> care about the outcome. If you don't care, why are you still arguing?

GNOME is not the only desktop environment in Fedora.

-- 
John M. Harris, Jr.
Splentity