On Thu, Jul 11, 2013 at 9:48 AM, Jeremy Stanley <email address hidden> wrote:
Okay, so stepping back a bit, it's not really a question of literally
zeroing the block device in this case, but rather whether or not secure
delete is enabled for LVM2 snapshots. Does this mean the report here is
effectively a duplicate of bug 1134768? If so, it sounds like we're
<jdg>:Yes, it's a duplicate.. and before anyone asks, no I don't remember why I marked it as won't fix, but that should not have been the case.</jdg>
proposing an announcement that secure delete is off by default because
it's broken on Debian derived distributions, but that deployers who want
to enable it for their environments are free to do so.
<jdg>:That's my thought exactly, I'll actually just set a flag and turn the old "dd/zero" method back on as an option while folks argue about the proposals currently in flight for how to do this better.</jdg>
If that's the situation, this probably is better suited to drop into the
OSSN queue (likely with a CVE assignment), rather than issue an OSSA. Am
I misinterpreting this?
<jdg>I was unfamiliar with OSSN, but that does seem more appropriate to me.</jdg>
On Thu, Jul 11, 2013 at 9:48 AM, Jeremy Stanley <email address hidden> wrote:
Okay, so stepping back a bit, it's not really a question of literally
zeroing the block device in this case, but rather whether or not secure
delete is enabled for LVM2 snapshots. Does this mean the report here is
effectively a duplicate of bug 1134768? If so, it sounds like we're
<jdg>:Yes, it's a duplicate.. and before anyone asks, no I don't remember why I marked it as won't fix, but that should not have been the case.</jdg>
proposing an announcement that secure delete is off by default because
it's broken on Debian derived distributions, but that deployers who want
to enable it for their environments are free to do so.
<jdg>:That's my thought exactly, I'll actually just set a flag and turn the old "dd/zero" method back on as an option while folks argue about the proposals currently in flight for how to do this better.</jdg>
If that's the situation, this probably is better suited to drop into the
OSSN queue (likely with a CVE assignment), rather than issue an OSSA. Am
I misinterpreting this?
<jdg>I was unfamiliar with OSSN, but that does seem more appropriate to me.</jdg>