Re: ecryptfs is unmaintained and untested

public inbox for ecryptfs@vger.kernel.org
 help / color / mirror / Atom feed

From: "René Herman" <rene.herman@gmail.com>
To: code@tyhicks.com, root@linuxmint.com
Cc: arnd@arndb.de, arnd@kernel.org, damien.lemoal@opensource.wdc.com,
	ecryptfs@vger.kernel.org, linux-kernel@vger.kernel.org,
	tytso@mit.edu, willy@infradead.org
Subject: Re: ecryptfs is unmaintained and untested
Date: Mon, 16 Feb 2026 12:53:56 +0100	[thread overview]
Message-ID: <d12201a7-70e5-4402-853b-44538feb24af@gmail.com> (raw)
In-Reply-To: <ZyKf6ZSZrETI+4/S@redbud>

> It would be good to discuss how we can get the message out to users to
> migrate off of eCryptfs so that functionality can be reduced and
> eventually it can be removed.
> 
> What do folks think about the following?
> 
> 1. Print loud warnings at mount time that eCryptfs is deprecated and
>    give a specific date when write support will be removed.
> 2. Remove write support at that date, while retaining read-only support
>    to allow any lagging users to move their data to fscrypt or other
>    alternatives.
> 3. Print loud warnings at mount that eCryptfs will be removed and give a
>    specific date.
> 4. Remove it.
> 
> Suggestions on lead times for #2 and #4 would be appreciated.

FWIW. Ever since Ubuntu dropped eCryptfs home-directory encryption 
already in I believe 18.04 from now 8 years ago, Linux Mint has probably 
been the single biggest consumer of eCryptfs: while based on Ubuntu, 
they've added back eCryptfs home-directory encryption in the installer 
ever since Ubuntu dropped it.

In the Mint project lead's latest blog he/they moreover proudly 
announced that their upcoming new & shiny GUI user-management tool will 
now support enabling home-directory also for at runtime added accounts 
(which up to now is done with adduser --encrypt-home from the command 
line only) rather than just the first, installer- created user account, 
and I am pretty much certain that the idea there still is *eCryptfs* 
home-directory-encryption. Mint is not the kind of project that 
routinely goes low-level.

https://blog.linuxmint.com/?p=4991

In any case then this is to say that they seem to not be planning on 
moving off of eCryptfs -- and Linux Mint is (probably?) the most popular 
Linux Distribution for/among new Linux users.

Have been commenting on this a bit as well on their forum, advocating 
for fully doing away with eCryptfs, but quite unsure that'll have any 
meaningful impact. Added the Mint project lead to the CC on this. If 
there's any progress to report on slashing eCryptfs he/they may want to 
be aware.

Regards,
Rene

next prev parent reply	other threads:[~2026-02-16 11:53 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-28 14:18 [PATCH] eccryptfs: select CONFIG_BUFFER_HEAD Arnd Bergmann
2024-10-28 15:02 ` ecryptfs is unmaintained and untested Matthew Wilcox
2024-10-28 21:50   ` Arnd Bergmann
2024-10-29  4:33     ` Theodore Ts'o
2024-10-30 21:06       ` Tyler Hicks
2026-02-16 11:53         ` René Herman [this message]
2025-10-14  6:07       ` John Stultz
2025-10-14 14:39         ` Theodore Ts'o
2025-10-14 16:38           ` John Stultz
2025-10-14 16:54             ` Martin Steigerwald
2025-10-14 17:52             ` Theodore Ts'o
2025-10-14 16:52           ` Martin Steigerwald
2025-10-14 20:35           ` Eric Biggers
2025-10-15  1:31             ` Theodore Ts'o
2025-10-15  2:23               ` Eric Biggers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d12201a7-70e5-4402-853b-44538feb24af@gmail.com \
    --to=rene.herman@gmail.com \
    --cc=arnd@arndb.de \
    --cc=arnd@kernel.org \
    --cc=code@tyhicks.com \
    --cc=damien.lemoal@opensource.wdc.com \
    --cc=ecryptfs@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=root@linuxmint.com \
    --cc=tytso@mit.edu \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox