Hello everyone,
My proposal is to remove the option to encrypt the home folder for the following reasons:
- The
ecryptfs recovery process is very tedious, and the "easy" command ecryptfs-recover-private does not work in many environments.
Ecryptfs is considered deprecated and unsafe by many users, as described here: https://lore.kernel.org/lkml/20230403134432.46726-1-frank.li@vivo.com/T/- Files inside the home folder with
ecryptfs have messed-up creation and modification dates.
- This function could be especially distracting for first-time users. They might not be aware of the issues that could arise later.
- We have another encryption method inside the installer for the whole system (LUKS with LVM). Perhaps we should highlight this more, but that is a separate issue.
Ecryptfs would only be graphically available for the first user, which is inconsistent.
It is yet to be decided whether we should just hide this option or, for example, disable it by default and only enable it with a specific terminal command.
What do you think about this?
Please let me know.
Hello everyone,
My proposal is to remove the option to encrypt the home folder for the following reasons:
ecryptfsrecovery process is very tedious, and the "easy" commandecryptfs-recover-privatedoes not work in many environments.Ecryptfsis considered deprecated and unsafe by many users, as described here: https://lore.kernel.org/lkml/20230403134432.46726-1-frank.li@vivo.com/T/ecryptfshave messed-up creation and modification dates.Ecryptfswould only be graphically available for the first user, which is inconsistent.It is yet to be decided whether we should just hide this option or, for example, disable it by default and only enable it with a specific terminal command.
What do you think about this?
Please let me know.