Comment 12 for bug 434232

Cédric Dufour,
You right! In my testing system target is /dev/mapper/cryptroot and it was OK.
But when I try change it to anything else... device path is still /dev/mapper/cryptroot

source=/dev/SOMETHING (where SOMETHING means something like hda2, sda1, sda2, ...) should also work, but your way is probably better for almost all cases.

"best practices": with not encrypted libraries, executables, etc. any person with usb-live or cd-live and access to your computer can replace your libraries and executables with "extended" functionality (it can write on disk or send by network your files and/or passwords) Anyway: I can see benefits not encrypted libraries, executables... And YES, not encrypting of root in some cases may be reasonable. :)