 Confirm need to enter 2x passphrase bug 1975481 Kinetic Lubuntu
[07:41] <guiverc> thanks @Leokolb
[07:44] <tsimonq2> -1 on separate boot partition, +1 on bug report 
[07:44] <tsimonq2> Digging into it for personal reasons anyway 
[07:44] <tsimonq2> Will update by EOW, please don't jump the gun with uploads, thanks :)
[07:45]  * tsimonq2 dumps 500 gallons of boiling hot espresso on tewarde
 tks @tsimonq2 (re @lubuntu_bot: (irc) <tsimonq2> Will update by EOW, please don't jump the gun with uploads, thanks :))
 "-1 on separate boot partition, +..." <- I agree. I am fairly sure unencrypted boot works if you do it manually. Encrypted boot should be default. 
 "Will update by EOW, please don't..." <- Really brief look indicates we need to change our `fstab.conf` in cala-settings. the `crypttaboptions` key should now be `luks,keyscript=/bin/cat`
[11:55] <kc2bez[m]> In somewhat related news this has been fixed too https://github.com/calamares/calamares/issues/1818 but hasn't been released yet.
 "In somewhat related news this..." <- After reviewing this issue, I have mixed feelings...
[19:25] <tsimonq2> A) I run /tmp on tmpfs on my local system. In fact, I prefer it to /tmp on disk.
[19:25] <kc2bez[m]> I can't say that I disagree with you.
[19:26] <kc2bez[m]> I just wanted to mention it for discussion 
[19:26] <tsimonq2> B) I think we should backport that new upstream commit to provide some granularity. If someone wants that functionality changed we should either introduce an option for it or just put the settings modification on the manual, I think upstream has sane defaults.
[19:26] <tsimonq2> That being said...
[19:26] <tsimonq2> I want to hear arguments against /tmp on tmpfs for SSDs
[19:27] <tsimonq2> And I think that this article should at least be considered: https://blog.dustinkirkland.com/2016/01/data-driven-analysis-tmp-on-tmpfs.html?m=1
[19:29] <tsimonq2> I think we should consider whether we want to backport this change (probably not). Either way if we make the changes now in the development release and note in the release notes, we should be golden for some extended pre-LTS testing.
[19:30] <kc2bez[m]> That's a perfect article Simon Quigley: thanks for linking that. 
[19:30] <tsimonq2> Of course. My goto article on tmpfs.
[19:31] <tsimonq2> I used to live life on the edge. Run `cd $(mktemp -d)` and work off of there :P
[20:55] <arraybolt3> Just for the record, the 2x passphrase bug was done in a VM all by itself.
[20:55] <arraybolt3> (Not sure if that matters, but it looked like it might.)
[20:59] <kc2bez[m]> The 2x passphrase is a bug. The unencrypted boot is not. You should be able to do that manually.
[21:00] <kc2bez[m]> I posted a couple of config workarounds earlier but I haven't tested it yet.
[21:11] <arraybolt3> Oh, OK, I misunderstood. I was suggesting the unencrypted /boot by default for the sake of additional security, since encrypted /boot doesn't actually solve the problem its meant to (an attacker could just install a new OS on the target system who's entire job was to steal the passphrase, upload it, then mimic a failed boot, boom, passphrase stolen, encrypted /boot circumvented). But it was just a suggested fix with an added advantage.
[21:11] <arraybolt3> (I misunderstood thinking someone else had a different problem than the one in the bug report, and thought "unencrypted boot" meant they were dual-booting...)