Mailinglist Archive: opensuse-factory (355 mails)

< Previous Next >
Re: [opensuse-factory] TW partitioning propsal swap

On Sun, Mar 8, 2020 at 14:18, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
On Sun, Mar 8, 2020 at 12:49 PM Christian Boltz <opensuse@xxxxxxxxx> wrote:
This is somewhat similar to the discussion if you really need to encrypt
the root partition, or if encrypting /home is good enough. IMHO it
isn't, because for example files in /tmp/ can also contain sensitive
data which you don't want to have unencrypted. For example, when you
click a PDF attached to a mail in KMail, it will get stored in /tmp/
before it gets opened.

/tmp really should be on tmpfs.

The UI/UX of asking the user for two passphrases (boot separate from
login) is not acceptable. And further, neither the GRUB nor initramfs
environments are sufficiently sophisticated to support i18n, and a11y
needs properly. Piecemeal effort here and there to only enhance the
security of English language users, and users who restrict their
passphrases to ASCII, is just not a modern solution.

Plymouth actually supports translating the boot screen, so I don't see
why that couldn't be extended to the password prompt it can create. As
for a11n, we have gfxboot which does tts basically in grub. I would say
both i18n and a11y are possible very early in the boot process, we just
don't see much development in that front.

The main issue in my eyes is that with boot stuff we are stuck in the
90s. When Windows bootloader and UEFI can utilize mice connected to
basically every desktop computer (not to mention a11y and i18n), we are
here attempting to be as backwards compatible as possible, which while
great, ignores the possibilities the current technologies actually give
us. GRUB2 works great for servers and pre-UEFI machines, can't we really
have something else on the desktop? Something that is capable of
providing us mouse/touch input methods, a11n features, and a
language/keyboard selector.

LCP [Stasiek]

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups