On Friday, December 6, 2019 3:22:48 PM MST Chris Murphy wrote:
> Is it your position that encrypting ~/ alone is not an incremental
> improvement? Are you suggesting it's necessary to assume Fedora
> Workstation users are subject to targeted attacks? And therefore
> install time default must encrypt /, /home, swap? And that this
> targeted attack, that applies to everyone, does not include targeted
> attacks on unencrypted /boot or the bootloader for reasons you refuse
> to elaborate on? And you propose that users should have to opt out of
> this, rather than opt in?
There's a lot to unpack here, so let me break this down.
Encrypting $HOME would certainly be "an incremental improvement", but it
shouldn't be done unless the user chooses to do it, and it probably shouldn't
be done using the same passphrase they use for their user account. That should
be up to the user to decide, of course. If they want to use the same
passphrase, far be it from me to attempt to stop them.
A much better solution would be to push users towards giving full disk
encryption a try. I'd recommend doing this by a prompt during partitioning
that has no default option, but is simply a "Yes" or "No" as to whether or not
they want it encrypted, when using default automatic partitioning.
/boot should also be encrypted. I have never said otherwise.
I believe I've already answered the question as to "opt out of this, rather
than opt in", but I'll make that a bit more verbose. I don't believe that
either should be forced upon the user. It's an important decision, and one
which should be made by the user, not by somebody else that thinks they know
best. There are some that argue that more options make the installation
"harder" or a "worse experience". I'd argue that those people are understating
the value of these important options.
> It's already implemented. There is no encryption by default.
That's not what I was referring to. That was in reference to the use of keys
stored on a TPM to automatically decrypt the system at boot time.
> You've set up a false dilemma where the only two valid options are do
> nothing and do what you want.
I've not said anything which would indicate that to be the case, nor do I
believe I have all of the answers. I've never stated that there are only two
valid options. I've only stated that some things which have been suggested are
not valid options, and I've attempted to provide ideas for potential
solutions. That's the end goal, collaborative suggestions leading to the best
potential solution.
> You reject all intermediate options, dismissing them out of turn without any
> meaningful evaluation.
Do you have an example of this? I don't believe that's the case. If you're
referring to systemd-homed, there are a myriad of issues with it, which I and
others have brought up in this thread and elsewhere.
> And that's on top of having said you are unconcerned with GNOME and don't
> care about the outcome. If you don't care, why are you still arguing?
GNOME is not the only desktop environment in Fedora.
--
John M. Harris, Jr.
Splentity