On Mon, 3 Jul 2017 02:00:22 +0200, Alessandro wrote in message
<20170703020022.7ede7fb3@ayu>:

> On Mon, 3 Jul at 2017 01:03:13 +0200
> Arnt Karlsen <arnt@???> wrote:
>
> > On Mon, 3 Jul 2017 00:42:52 +0200, Alessandro wrote in message
> > <20170703004252.748a9c7f@ayu>:
> >
> >> Il giorno Wed, 28 Jun 2017 19:38:11 +0200
> >> Didier Kryn <kryn@???> ha scritto:
> >>

> >>> Le 28/06/2017 à 15:40, Stephan Seitz a écrit :  
> >>> > And today you should always encrypt your discs.     

> >>>

> >>>      I don't see any reason to encrypt /usr. You might like to
> >>> encrypt /etc because it contains user names and (already
> >>> encrypted) passwords. But definitely there is no reason to
> >>> encrypt everything.  

> >>
> >> Valid reasons to encrypt /usr include:
> >>
> >> 1) /usr resides on the same partition as / and/or /home (trivial
> >> case); 2) protecting its files from being tampered with when the
> >> device is offline;
> >> 3) making harder to someone who can access your
> >> offline HD understand which partition is /, or /usr or /home, so
> >> that the attacker will have to try to decrypt them all;
> >> 4) you put stuff in /usr/local that might contain
> >> keys/passwords/sensitive information that would better be kept
> >> protected.
> >
> > ..if you wanna protect /usr/local, chop that off /usr and
> > encrypt, mount etc them all as you damned please.
>
> /usr/local was standardized for a reason. You might do as you like
> on your personal PC, maybe you're not as free to do the same on your
> company's server/workstation.

..a corner case might be company centralized maintenance on hardware
where you mount your handy encrypted /usr/local, /opt, /home/arnt etc
while keeping the company un-encrypted hardware accessible for e.g.
airport etc 'Securitate.'

> You might have /opt bind-mounted
> on /usr/local, and have lots of stuff there you don't want to peruse
> to see if any of it would better be kept away from prying eyes (like
> VM images). What specific reasons do you have *not* to encrypt /usr
> in a machine that has / and /home encrypted? What do you gain by
> that?

..not much, all valid reasons to encrypt.
On Mon, 3 Jul 2017 02:20:22 +0200, Alessandro wrote in message
<20170703022022.2e7ff012@ayu>:
> I forgot to mention: leaking your collection of installed software
> is sometimes itself leaking personal and possibly sensitive
> information about yourself and your business, for the same reasons
> TCP/IP traffic metadata is important in it's own right.

..precisely, can easily be done by e.g. airport etc 'Securitate' or
by your own network traffic.

> Plus, if you travel extensively, you might not know if the place
> you're traveling into has enacted some restrictions on the kind of
> software you are allowed to own and run.

..precisely, is why you research upfront and plan ahead, even
for tin foil kinda stuff ... oh wait, who's #45? ;oD

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.