On 25-05-17 11:38:44, Duncan Thomas wrote:
> On 25 May 2017 at 11:00, Lee Yarwood <lyarwood at redhat.com> wrote:
>
> > This has also reminded me that the plain (dm-crypt) format really needs
> > to be deprecated this cycle. I posted to the dev and ops ML [2] last
> > year about this but received no feedback. Assuming there are no last
> > minute objections I'm going to move forward with deprecating this format
> > in os-brick this cycle.
>
> What is the reasoning for this? There are plenty of people using it, and
> you're going to break them going forward if you remove it.

I didn't receive any feedback indicating that we had any users of plain
when I initially posted to the ML. That said, there obviously can be users
out there and my intention isn't to pull support for this format
immediately without any migration path to LUKS etc.

As for the reasoning, the main issue I've seen reported against plain is
that there's always a potential for data loss if an incorrect passphrase
or options are provided when opening the device [1]. There are further
reasons for choosing LUKS over plain documented in various places
[2][3][4] that all seem to suggest that it is a better and safer choice.

Lee

[1] https://bugs.launchpad.net/nova/+bug/1639221
[2] https://security.stackexchange.com/questions/90468/why-is-plain-dm-crypt-only-recommended-for-experts
[3] https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
[4] https://wiki.archlinux.org/index.php/Disk_encryption#Block_device_encryption

--
Lee Yarwood                 A5D1 9385 88CB 7E5F BE64  6618 BCA6 6E33 F672 2D76
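
As an added illustration that is not part of the original message or of os-brick: a LUKS1 header stores a PBKDF2 digest of the master key, so a wrong key can be rejected before the device is mapped, while plain mode has no on-disk metadata to compare against. The sample sector, the function names and the SHA-256 plain-mode key derivation are assumptions made for the demo, and the keyslot decryption that yields the candidate master key is left out.

```python
import hashlib
import hmac
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 header fields up to the UUID (big-endian, 208 bytes); key slots follow.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")

def _text(raw):
    """Decode a NUL-padded ASCII header field."""
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1(sector):
    """Return the LUKS1 header as a dict, or None if the sector carries none."""
    if len(sector) < PHDR.size or sector[:6] != LUKS_MAGIC:
        return None
    (_, version, cipher, mode, hash_spec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid) = PHDR.unpack_from(sector)
    if version != 1:
        return None
    return {"cipher": _text(cipher), "mode": _text(mode), "hash": _text(hash_spec),
            "payload_offset": payload_off, "key_bytes": key_bytes,
            "mk_digest": mk_digest, "mk_salt": mk_salt, "mk_iter": mk_iter,
            "uuid": _text(uuid)}

def master_key_ok(hdr, candidate):
    """LUKS check: the PBKDF2 digest of the candidate key must match the header."""
    digest = hashlib.pbkdf2_hmac(hdr["hash"], candidate, hdr["mk_salt"],
                                 hdr["mk_iter"], len(hdr["mk_digest"]))
    return hmac.compare_digest(digest, hdr["mk_digest"])

def plain_key(passphrase, key_bytes=32):
    """Plain-mode model (assumed SHA-256): any passphrase yields a usable key."""
    return hashlib.sha256(passphrase).digest()[:key_bytes]

def build_sample_sector(master_key, iterations=1000):
    """Constructed LUKS1 first sector for the demo, not taken from a real volume."""
    salt = bytes(range(32))
    digest = hashlib.pbkdf2_hmac("sha256", master_key, salt, iterations, 20)
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096,
                    len(master_key), digest, salt, iterations,
                    b"00000000-0000-0000-0000-000000000000")
    return hdr.ljust(512, b"\0")

if __name__ == "__main__":
    good, bad = b"\x11" * 64, b"\x22" * 64  # constructed master keys
    hdr = parse_luks1(build_sample_sector(good))
    print("LUKS right key:", master_key_ok(hdr, good))
    print("LUKS wrong key:", master_key_ok(hdr, bad))
    print("plain header  :", parse_luks1(bytes(512)))
    print("plain wrong pw:", plain_key(b"tpyo").hex()[:16], "(accepted, no check)")
```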