Open jamu85 opened 2 years ago
@jnweiger mind to have a statement on this, a QA pov ?
@jamu85 Do you say, user-key encryption or master-key encryption is dangerous, or both?
The recommendations "run a file-scan" and "make sure enough space" are general enough, to be always true. I have no information about incompatibilities with files_antivirus or ransomware_protection.
The most dangerous part from my POV currently is https://github.com/owncloud/encryption/issues/327
WHAT Needs to be Documented?
Enabling the encryption on a production system is not very clear about the conditions. It should be stated very clear, that this is a risky process.
WHERE Does This Need To Be Documented (Link)?
https://doc.owncloud.com/server/10.8/admin_manual/configuration/files/encryption/encryption_configuration.html https://doc.owncloud.com/server/10.8/admin_manual/configuration/files/encryption/encryption_configuration_quick_guide.html
WHY Should This Change Be Made?
We do not recommend enabling encryption on a production system and should clearly state that out. If it should be enabled on a production system, various preconditions need to be full filled. E.g. Disable Ransomware Protection Disable file_antivrus Make sure the storage has enough space Run a file scan before starting the encryption
There might be still other condition that can cause a failing of the encryption process which leaves the files in an undefined state. As this highly depends on the system, data and infrastructure, general statements are hard to make. But at least it should be stated out, that a failed encryption process, destroyed the instance!
Customers trying to achieve that, also need to make sure that they have to have a proper backup to jump back if anything fails.