On Mon, 2 Apr 2012, Lennart Poettering wrote:
> On Mon, 02.04.12 16:55, Steve Grubb (sgrubb@redhat.com) wrote:
>> What about forensics? Any reboot erases information that might have been needed to see what happened during a break-in.
> /tmp is already volatile and cleaned up in regular intervals. The new clean-up on boot is just one tiny bit of additional clean-up.
There is a big difference, however, with files in /tmp being around for 30 days, and the files being cleaned on a reboot, which might be necessary to get the system in a reliable enough state to do any forensics.
This also means a big change in user experience as many will be expecting things in /tmp to remain there for a while before being deleted even if the system is restarted or crashes.
Michael Young