On Sun, Nov 1, 2009 at 3:36 AM, Joachim Schipper <joac...@joachimschipper.nl> wrote:
> I can't tell whether you miss the point or are arguing that a 90% > solution is good enough. I understand that when I do this *only* /home is encrypted. The title says it all, right? > In the first case: try it. Run vi(1) on some file. Observe the file full > of zeroes in /var/tmp/vi.recover. Edit some stuff in the file. Observe > the file full of snippets of your original file in /var/tmp/vi.recover. > Generalize this behaviour to many other applications. Again, this does not concern me. If it concerns you, then do the 100% solution you mention. > In the second case: OpenBSD isn't about 90% solutions, and this sort of > thing is exactly why "HOWTO"-style documents are regarded with deep > suspicion here. If 90% is good enough for you, go ahead - but don't tell > others to do it that way. Not even with a huge flashing banner saying > 'this is a bad idea' at the top. It's not a howto for others to follow. The man pages are for that. I only share this with misc for the sake of criticism (such as this). Your point is that it does not encrypt enough. However, it encrypts exactly what I would like encrypted. I'm not trying to stop GCFA technicians from producing evidence to be used against me in court (perhaps you are), I am stopping the average thief from pursuing my /home files. That's all I hope to accomplish. Brad
