On Thursday, 04/13/2017 at 11:05 GMT, Stefan Haberland <s...@linux.vnet.ibm.com> wrote: > So you always have to take care if you recycle previously used disks.
One of the tenets of a secure system is the idea that you do not leave residual data on a device that has been removed from a server. It should be formatted immediately after de-provisioning, prior to placing in the 'available' pool. The primary purpose is to ensure that confidential or other sensitive data is deleted since it is no longer under effective access control. The side effect is that you don't have to worry about driver fingerprints, smudged or partial. You also cleanse a device when it is first added to the pool since you don't know where it's been or what it's been doing. This is one of the reasons people like thin provisioning: you effectively format the device by simply releasing all of the extents. (Writing zeroes is SO twentieth century.) Of course, getting people to separate "format" from "erase" is a tall order. When all you have is a hammer.... Alan Altmark Senior Managing z/VM and Linux Consultant Lab Services System z Delivery Practice IBM Systems & Technology Group ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/