Message-Id: <201510182329.t9INTarc018248@fire.js.berklix.net>
To: Yonas Yanfa
cc: freebsd-current@freebsd.org
Subject: Re: Depreciate and remove gbde
From: "Julian H. Stacey"
Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany
In-reply-to: Your message "Sun, 18 Oct 2015 06:36:19 -0400." <56237623.5010702@fizk.net>
Date: Mon, 19 Oct 2015 01:29:36 +0200
List-Id: Discussions about the use of FreeBSD-current

Yonas Yanfa wrote:
> Hi,
>
> It seems geli is the standard way of encrypting disks. It's extremely
> flexible and usually recommended by the community over gbde. Moreover,
> geli is mentioned a lot more in the mailing lists and forums.

& global community uses DOS-FS more, & mentions MS more than BSD. ;-)
Popularity is not sole index of what everyone should be constrained to use.

> gbde's man page explicitly says that gbde is experimental and should be
> considered suspect.

Just an old cautious initial description, that I recall long predates geli.

> That seems reason enough to finally depreciate and
> remove it in favour of geli.

No, very naive. No need to remove gbde & disrupt existing users.
Perhaps a reason to re-balance cautious description in both.

> The Encrypting Disk Partitions page in the Handbook discusses gbde
> first, and describes geli as an alternative. This seems odd, shouldn't
> this be the other way around?

It was written in historical order.

> Is there any objection to removing gbde?

Yes. Daft to disrupt users.

> How many people use gbde?

Not so useful to ask on Current@ which tends to use the latest tools
eg geli; try hackers@ or questions@ etc, realise usage of BSD does
not require registration or membership of Any BSD mail list or forum.
Usage of GBDE more so. Gbde could well be essential on production
servers, but unless admins are also programmers on current@, they
won't even see your idea to remove gbde.

> When
> have you used gbde over geli, and why?

Gbde came first, some won't have needed more or wasted time to learn
an alternate they did not need. Others may have reasons they may
not publish.

Without analysis, deprecating gbde is not sensible, & removal worse.

Please research & contribute a handbook section, with URLs & text
comparing gbde & geli (& other crypt FS in ports/ ?), including eg:
 - Processor & IO load of both,
 - Crack testing of both if any,
 - History of code review & quality of both. etc
 - Patent liabilities of either ? licensing ?
 - Compatibility of both with other OSs if any,
 - Any possibilities for standards approvals of either by any bodies
   (that usually requires funding, so with 2 maybe more chance of 1
   being funded ?)

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys. Eng. Consultant Munich http://berklix.com
 Reply After previous text to preserve context, as in a play script.
 Indent previous text with >  Insert new lines before 80 chars.
 Use plain text, Not quoted-printable, Not HTML, Not base64, Not MS.doc.