[Pkg-cryptsetup-devel] Bug#414326: cryptsetup: cryptsetup starting its disks should have "verify" as default

[Jonas Meurer]

On 11/03/2007 Joerg Jaspert wrote:
> Package: cryptsetup
> Version: 2:1.0.4+svn26-1
> Severity: important
> 
> I think that could also be critical, as it breaks unrelated software
> (the whole system). But as the temporary workaround is easy, lets go
> with important. Maybe serious, as IMO this is release critical, but that
> should get decided by release team
> 
> It also silently changes behaviour between sarge and etch.
> 
> The thing is simple - as subject says the option "verify" should be
> default for entries in crypttab. One can always type one letter wrong,
> and should not be left with a broken system. (Imaging having all of the
> system except / on cryptofoo).

So you suggest to ask for the passphrase twice at normal cryptsetup
startup? Do you suggest it for 'cryptsetup create' only, or also for
'cryptsetup luksOpen'?

I'm not sure whether I understand your point. You say, that the system
breaks at boot if a wrong password is typed. But that might even happen
when you need to enter it twice. Consequently, should we ask thousands
of times for the password, just to be sure that typos are unlikely?

Typing every password twice is quite annoying, and i don't believe that
many users share your thoughts about doing so by default.
Instead I encourage you to use the verify option where you need it.

I also don't understand why you claim this bug being (IYO) release critical.

Your interpretation that it "breaks [...] (the whole system)" is illogical.
Typos are user mistakes, I don't see how i may prevent them from a
maintainers point of view.
In fact you may find thousands of examples where user mistakes end up in
the system being unbootable. Are all these release-critical bugs in your
eyes?

Sorry if i simply didn't get the point, maybe you could try to explain
with other words in this case.

David, what do you think about this bugreport? Do you share my doubts?

greetings,
 jonas