FC7 plan comments
Tomas Mraz
tmraz at redhat.com
Wed Dec 20 22:07:11 UTC 2006
On Wed, 2006-12-20 at 16:23 -0500, Jeremy Katz wrote:
> On Wed, 2006-12-20 at 22:20 +0100, Ralf Ertzinger wrote:
> > I'd be happy for working dm-crypt support. The kernel bits work, but I
> > can neither install (sanely) on such a device, and initrd support (for
> > encrypted /) seems to be missing, too.
>
> The problem is that how do you handle this in the initrd? You want to
> be able to prompt a user (in their native language) as well as support
> their native keymap. This could very easily require an X server and a
> lot of fonts and other bits. At which point, exactly what are you
> trying to accomplish?
>
> Encrypting data? Very interesting.
> Encrypting the OS bits that anyone can download? Much less interesting,
> IMHO
At least an encrypted swap is a requirement so sensitive data are not
left unencrypted on disk. /tmp and some /var subdirs are also
questionable.
The swap could be enabled after boot is finished when X server is
running. /tmp and /var could be a tougher problem.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the Fedora-maintainers
mailing list