On Tue, Jun 18, 2019 at 02:23:31PM +1200, Kai Huang wrote: > Assuming I am understanding the context correctly, yes from this perspective it seems having > sys_encrypt is annoying, and having ENCRYPT_ME should be better. But Dave said "nobody is going to > do what you suggest in the ptr1/ptr2 example"? You have to phrase that as: 'nobody who knows what he's doing is going to do that', which leaves lots of people and fuzzers. Murphy states that if it is possible, someone _will_ do it. And this being something that causes severe data corruption on persistent storage,...