Hey, On 20/05/2011 Christoph Anton Mitterer wrote: > On Tue, 2011-05-17 at 13:48 +0200, Jonas Meurer wrote: > > - cryptsetup is not the only userspace tool which manages dm-crypt > > devices. Low-level tools like dmsetup, udev, hal; commandline tools > > like cryptmount and gui applications like gnome-mount etc. might > > unlock/lock encrypted devices as well. > That's a good point, I've completely forgot, when I've said in another > email, that I _could_ live with a cryptsetup package whose removal fails > if the are still open devices left. > > > > - the cryptdisks initscript only manages dm-crypt devices which are > > listed in the crypttab. Therefore otherwise unlocked devices are > > ignored. > Though this is another issue: > Wouldn't it make sense to try at the very end "just before > shutdown/reboot" to close any remaining _non managed_ dm-crypt devices?
I much prefer the solution that the cryptdisks initscripts manage only the devices they're taught to take care of. In other words only the devices listed in crypttab. I see the point that devices might be open that aren't closed properly at shutdown, but first I assume that kernel closes them, and second I don't want to start messing around with devices which are not properly closed by other software for whatever reason. > > Sorry Christoph, but this is simply not an option. > Out of curiosity: Did someone from the policy guys came and request this > from you? Cause we had it that way for some time now. Not "policy guys" as these don't exist. every maintainer is responsible for keeping her/his packages policy compliant. but yes, there was a bugreport: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625468 Greetings, jonas
signature.asc
Description: Digital signature
