I just talked to Ticki and he said he would support that.

As a personal note: is it really the right place to support encryption? I seem to remember that APFS's encryption had a pretty bad reputation in terms of actual security.

> I seem to remember that APFS's encryption had a pretty bad reputation in terms of actual security.

Based on what exactly? APFS actually has really good security. You can encrypt on a per-file or per-directory basis. Each per-file key can be encrypted with different levels (the shared key or per-user keys, so permission bypasses are useless).

As in I'm pretty sure that in a previous job, I received semi-official government-issued guidelines: « Don't use it, we know how to crack it, and we're pretty sure that we're not the only ones. If you value your data, use TrueCrypt instead. »

It was pretty thin on details, and the stuff may have been fixed in the meantime, but here you go.

Maybe there's a misunderstanding here, but how could you have gotten advice about APFS in a "previous job", when APFS was only announced a few months ago (and doesn't even have a stable release yet)?

Are you sure you don't mean CoreStorage's encryption? APFS isn't even finished yet.

Ah, I'm probably confusing, then. Sorry for the noise.

That's actually a really bad form of encryption as you leak info on per file encryption.

All the alternatives I've seen lose authentication, so it's at least not so clear cut.

Are you maybe thinking of something else? APFS is officially "experimental" right now. Allegedly it'll be released in 2017. https://en.wikipedia.org/wiki/Apple_File_System