Bret Lambert wrote:
> ...
> The fact that you have to *change* a setting to get it to *not* encrypt
> swap should be a strong indicator that the default is to do so.

Yes. That's what I wrote: according to sysctl, encryption is enabled by
default.  But the examples in /etc/sysctl.conf are set up the opposite
of how many other tools are.

Many tools have the *defaults* listed in the configuration file, such as
OpenSSH and Apache, not the opposites of the defaults.

It's not wrong one way or the other. However, the lines at the head of
the sysctl.conf file could be made more clear about whether the items
below simply identify the default or do the opposite.

Currently:

  # This file contains a list of sysctl options the user wants set at
  # boot time.  See sysctl(3) and sysctl(8) for more information on
  # the many available variables.

Could be:

  # This file contains a list of sysctl options.  See sysctl(3)
  # and sysctl(8) for more information on the many variables
  # available.  Uncommenting the lines below will change the
  # variables set at boot time.

-Lars
