
Re: Document removal of ecryptfs-utils from Buster



On Monday 01 July 2019 09:33:35 David Wright wrote:

> On Mon 01 Jul 2019 at 06:05:52 (-0400), Gene Heskett wrote:
> > On Monday 01 July 2019 03:52:55 Jonathan Dowland wrote:
> > > On Sun, Jun 30, 2019 at 12:45:57PM -0400, Gene Heskett wrote:
> > > >At this point, I'd call it a buster delaying bug.  That last is
> > > > going to cost too many that can't ignore it and don't have
> > > > unencrypted backups. That's going to be a lot of very bad PR.
> > >
> > > It's the release team's call, generally speaking, and one of the
> > > things they might factor in is the size of the user-base for the
> > > troublesome package. I'm surprised to find that it's extremely
> > > small according to popcon data: less than 1% of reporters:
> > > https://qa.debian.org/popcon.php?package=ecryptfs-utils
> > >
> > > Compare just two alternatives:
> > >
> > > encfs: 1.14% https://qa.debian.org/popcon.php?package=encfs
> > > cryptsetup: 15%
> > > https://qa.debian.org/popcon.php?package=cryptsetup
> >
> > That does put a better light on it.  From the comments so far, I was
> > thinking I'm one of the few not using it. I've depended on dd-wrt
> > between me and the internet for the last 16 years, and even before
> > that I was on dialup and the dialup folks didn't have enough
> > bandwidth to attract the black hats, so I've never been touched.
>
> I was under the impression that these two forms of security, firewalls
> and encryption, are completely orthogonal. Once you've unlocked, say,
> an encrypted partition, you're now reliant on the firewall to keep
> strangers out of your files. OTOH a perfect firewall is of no benefit
> when your laptop is stolen.
>
> > With all the publicity this thread has given the issue, I'll change
> > my mind (as if it matters to the team :) and say adequate notice and
> > mitigating paths seems to have been given. Those that are using it
> > I'd call pretty advanced and are reading this list just for the
> > notices given so they shouldn't be surprised. So I'll do an Andy
> > Capp and shuddup.
>
> The grey area for me is the relative benefit of encrypting file by
> file compared with the whole partition. Assuming that there's just one
> passphrase involved in each scenario, is more protection given by the
> former method? After all, once a partition is unlocked, all users on
> the system are able to read all the files, subject to the normal unix
> permissions, ACLs, etc.
>
> Cheers,
> David.

Whole filesystem encryption would be a total non-starter for me.  File by
file with different passwds according to what's in the file would make
far more sense to me. That's my $0.02.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

