> Encrypt user home directories individually
Why though? This seems like a terrific way to make stuff unrecoverable.
Top-level
> Encrypt user home directories individually Why though? This seems like a terrific way to make stuff unrecoverable. 8 comments
Why encrypting home directory individually rather than say full disk encryption? 1. Keep users safe from each others The design team is looking at the options for recovery. @samthurston @sonny @eloquence the idea AIUI is to use systemd-homed. But you need desktop environment-level support so that you can set it up & recover in case of emergency without having to be able to operate a command line. (Not my project, I'm just a spectator!) @eloquence @sonny as an admin, if I want to protect users from each other I set appropriate permissions. As a user if I have data that needs to be protected from other users I encrypt it. @samthurston most potential new users probably don’t have your skill and competence to |
@samthurston
I don't think that's necessarily the case, but I do agree of course that the recoverability story is really important for all encryption features, whether full-disk or home directory level. @sonny may be able to provide more detail on the specific goals.