On Fri, Apr 21, 2006 at 03:00:28PM +0200, Oliver Tennert wrote:
Am Freitag, 21. April 2006 14:43 schrieb Lars Hecking:
Now, obviously SUSE ist going to switch from an absolutely not widespread solution to an obsolete solution, and furthermore announces this as a novelty for the next-generation enterprise distro. What is this? Every other Distro (Fedora, RedHat, Debian, Ubuntu et al.) is using dm-crypt and even going to
gentoo :)
integrate LUKS, only SUSE does not!
I really do NOT understand that in any way. Does anybody else?
I certainly don't - cryptoloop is not only obsolete, but has serious problems. Which is why I hacked dm-crypt support into 9.2, and I'm pretty sure it transfers to 10.0/10.1. Email me if you're interested in scripts and instructions, I meant to publish it all on ILUG but didn't find the time yet.
I am very interested though I must say that I am even more interested in not only integrating dm-crypt (which is more or less trivial) but also LUKS as THE default encrypted volume format as well.
Moreover, the most non-trivial part is integrationg LUKS in a way to encrypt the root fs, too, which needs patching the initrd.
Now, what I do not understand is: how come such a transition decision is made? It has nothing to do with (software) evolution, nor is it intelligent design. Therefore, it must be a MANAGEMENT DECISION.
We did so for SUSE Linux 9.3. At this time dm-crypt was not ready. Exchanging the crypto system, with all problems of backwards compatibility, is very difficult and error prone. We would have to throw a lot resources at it to get it right, but did not have them in the 10.1 timeframe now. We have to address this in the future, but for 10.1 its too late. Ciao, Marcus