fetzerms / cryptboot-ssh

Retrieve cryptsetup keyfiles via ssh automatically at boot.
GNU General Public License v2.0

Move setup commands to wiki? #17

Open 459below opened 6 years ago

459below commented 6 years ago

It seems to me that the setupScripts do everything which the README.md documents. Wouldn't it be less confusing to new users if the README tells the user precisely how to use the script and lets the manual setup reside in the wiki part of the project? I mean, so far it seems to me the script works flawlessly.

fetzerms commented 6 years ago

I am currently unsure whether we should propose the scripts or not. Currently my idea was to have people actually do stuff in order to understand what happens. Even though most people might simply be copy & pasting things from the wiki.

I think we could use the manual setup as the "paranoid" or "expert" setup and make the script-based ones the default.

As a transition in between, I suggest we/you create some README.md in the scripts folder, which we can move/merge later on.

What do you think?

459below commented 6 years ago

Yes, I think understanding what is happening in the setup is critical, since this is a somewhat advanced feature. However, I suppose that those who want to understand exactly what happens are going to look into the documentation, and those who want to play around and quickstart this will probably skim through the README anyway.

I agree on your plan to transition. I would suppose a quickstart README to the script and maybe some diagrams to bring the basic idea of the setup across.

459below commented 6 years ago

Maybe it's wise to add some kind of disclaimer regarding potential data loss. I can't think of anything these scripts do that would render the encrypted partition inaccessible; however, I may overlook something. For example, if someone was to take it on their own to delete the key in the LUKS partition to clean up and accidentally deletes all keys, to which they may have access at least, it would render the data inaccessible. So just to caution anyone who might expect intrinsic failsafes here.

fetzerms commented 6 years ago

Yes. I think we might also simply add it to "Security considerations".

459below commented 6 years ago

Oh... it seems that I wrote those two scripts? I did not remember. Sorry, I certainly did not mean to be presumptuous in any way.

fetzerms commented 6 years ago

Don't worry - I agree with you. We should make the transition to a script-based setup.