Introduction
============

See also issue #37

A feature not typically available in other trash-emptying implementations
is the ability to use arbitrary shell utilities (such as srm, shred, and
the like) to remove files. It'd be nice if the empty-trash command took a
flag (say, '-s') to provide for such functionality.

Suggested Command Line
======================
::
 
    empty-trash --shred

This command would shred all the trashed files and the trashinfo files in all 
trash directories.

Things to be defined:
 - How the secure shredding should be implemented? Calling an external command 
   or using some python library?
   - No extant Python shredding library. The only 
     [http://reconstructor.aperantis.com/index.php?option=com_remository&Itemid=33&func=fileinfo&id=166 
     other implementation] I could find just calls wipe.
 - What to do if the existing command is not found?
   - Take a command-line option to select a supported method, and perhaps a 
     config-file option. Otherwise, look for one of the supported methods and 
     remember which one was available last time?
     - I was talking about how the trash-empty should behave if the external 
       is not available. In any case this would be defined clearly when we 
       wrote the use cases.

Use cases
=========

User want to shred all trashed files of all trash directories. So he/she types 
the command::

 $ trash-empty --shred 

The trash-empty command will silently shred all trashinfo and trashed files 
from all trashed directory.  The wiping is implemented calling the `shred` 
command from the coreutils for each file to be wiped.

Exceptions
----------

Suppose that: 
 * `shred` is not available in $PATH. 
 * the trashcan contains at least a trashed file.

The behaviour should be

 $ trash-empty --shred
 trash-empty: Unable to shred `filename' (shred: command not found). You need shred from coreutils.
 $ echo $(($?==0))
 1

Permission Denied
-----------------

Suppose that: 
 * `shred` is available in $PATH. 
 * `shred` permissions are `--x` (could not be read from the user)
 * the trashcan contains at least two trashed file.

The behaviour should be:

 $ trash-empty --shred
 trash-empty: Unable to shred `filename' (shred: Permission denied).
 $ echo $(($?==0))
 1

The error message should be displayed once and the command should not attempt 
to re-execute shred with others files (even if there are multiple files in 
trash directories).

User shouldn't install additional software
------------------------------------------

The shred operation would be implemented against the `shred` command line 
utility.
The `shred` was chosen because is part of the coreutils which is virtually 
installed in all major GNU/Linux distributions.

User shouldn't configure the software
-------------------------------------

We don't add the support to multiple commands because this would increase the 
complexity of the user interface of the `trash-empty` command and the other 
choices does not offer something very different from `shred`.

If someone feel the urge of doing arbitrary command on all trashed files we 
can always add a `for-each-trashed-files` command or use a combination of an 
hypothetic `list-all-trashed-files` and `xargs` command.

Implementation details
======================

Things to do: 
 - create a TrashedFile.securepurge() method
 - implement command line options handling in empty-trash command
 - create a DeletionUtility abstraction, and implement methods for the three 
   utilities below?

See also
========

Secure deleting is implemented in these shell utilities:
 * shred (part of the coreutils package)
 * srm (part of secure_deletion package from http://www.thc.org)
 * [http://wipe.sourceforge.net/ wipe]

Limitations
===========

This features could be less useful that one can think. As stated in the 
[http://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html 
shred documentation] (in the "Please note") the shredding operation could not 
be safe on many cases such as use of RAID, and the Ext3 in data=journal mode.

