Excerpts from Mackenzie Morgan's message of Wed Jan 04 07:48:44 -0800 2012: > On Wed, Jan 4, 2012 at 9:36 AM, Phillip Susi <[email protected]> wrote: > > Why bother encrypting / instead of just /home? We already have /home > > encryption, which seems to meet the needs of most people. > > IIRC, certificates like for IPSec and SSL are stored outside of /home, > and having those compromised is bad news. >
And there are services which store data for users in /var, like a local MTA's outgoing mail queue, that could be extremely critical. The idea of having the whole disk encrypted is mostly a safety net against poorly written software and slight mistakes. If you really have sensitive emails/IPSec/SSL certs, you should encrypt and/or sign them. But somewhere, some script is going to accidentally put your data in /var or /tmp unencrypted right before a thief steals your laptop and then sells the data to an identity theft ring. +1 for putting this on the list for 12.10. -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
