From: Yonas Yanfa
To: Martin Cracauer
Cc: freebsd-current@freebsd.org
Date: Mon, 19 Oct 2015 20:43:00 -0400
Subject: Re: Depreciate and remove gbde
In-Reply-To: <20151019234406.GA88752@cons.org>
References: <56237623.5010702@fizk.net> <20151019234406.GA88752@cons.org>

Hi Martin, thanks, that raises some interesting points.

After reading PHK's paper on GBDE, I can see enough differences between GBDE and GELI that warrant keeping GBDE.

[ At this point for me, this part is theoretical, but it's still interesting ]

I've seen the concern made a few times that we need to support existing users. That's true up to a point. There's always going to be a way to transition from GBDE to GELI if we really want to (e.g. a conversion tool), or were forced to for any reason (full decrypt and re-encrypt), so we shouldn't be keeping GBDE in the tree solely for this reason alone.

GBDE should be in the tree for its technical merits (which I've found it does have). However, if it turns out in X years from today GELI can do everything GBDE can do and better, then I would say we should figure out a way to remove GBDE.

On Mon, Oct 19, 2015 at 7:44 PM, Martin Cracauer wrote:
> Yonas Yanfa wrote on Sun, Oct 18, 2015 at 06:36:19AM -0400:
> >
> > Is there any objection to removing gbde? How many people use gbde? When
> > have you used gbde over geli, and why?
>
> You would exclude all current users from accessing their existing
> filesystems or whatever they put into that block device.
>
> A conversion tool would pretty much be forced to use the current
> kernel layers (doing the block chaining in userspace would be
> annoying), and it would be fundamentally unsafe to have your
> half-converted filesystem on disk in case of an interruption. Plus I
> think GELI uses a bigger header so you might fall short by a couple of
> bytes and you can't do anything about it on the block level with no
> access to the filesystem.
>
> And people might not have their gbde units accessible right now, it
> might be on a laptop in a closet on a different continent.
>
> Martin
> --
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> Martin Cracauer http://www.cons.org/cracauer/