Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?

From:	Georg Lutz
Subject:	Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?
Date:	Wed, 7 Sep 2011 20:24:31 +0200
User-agent:	Mutt/1.5.20 (2009-06-14)

On 2011-09-04 12:06, address@hidden wrote:
> Dan,
> 
> also read the answer to you bug comment
> https://bugs.launchpad.net/duplicity/+bug/793096/comments/11
> 

Hi Edgar,

as it seems there has already been an emotional discussion on that
topic. Therefore please don't get me wrong, I am just trying to
understand things.

That said I must admit that I too like the possibility for incremental
backups not to have to provide the secret key as I use my regular gpg
key for backup encryption (for backup signature I use a seperate sign
key). :-)

Also I see it as advantage when the backed up machine does not have to
know the secret key itself e.g. when I run duplicity on multiple
customers machines with my own public key and don't want one customer to
be able to decrypt other customers backup.

Of course decryption of backup must be done locally then. But this
happens rarely enough. :)

What I don't fully understand is why duplicity must have access to the
private key during incremental backups when a local archive with
metadata is already available. Could you explain it please?

I think one of the first bug reports was this one:

 https://bugs.launchpad.net/duplicity/+bug/435975

Apparently there has already been intentionally a support for "backup
without private key" in the past. So why exactly this support has been
dropped?

Currently I run 0.6.13 sucessfully with the LANG="" workaround. But if I
get it right this workaround caused duplicity to just correctly
identifiy the "No secret key" and return "none" instead of raising an
exception. And now (>=0.6.14) "none" leads to an error in the calling
code. Is this correct?

OK, as you write in
https://bugs.launchpad.net/duplicity/+bug/793096/comments/8 you consider
the current possibility to do backups without a secret key as a bug.

In the referenced bug #687295 the long term solution would be a hashing
comparison. Is there really a need to check the remote archive directory
against the remote one?

Regards
  Georg

-- 
Georg

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Asymmetric backups broken in 0.6.15?, Dan Loewenherz, 2011/09/02
- Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?, Martin Pool, 2011/09/02
  - Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?, Dan Loewenherz, 2011/09/03
    - Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?, Martin Pool, 2011/09/03
    - Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?, edgar . soldin, 2011/09/04
    - Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?, Georg Lutz <=
    - Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?, edgar . soldin, 2011/09/07

Prev by Date: Re: [Duplicity-talk] [Bug 793096] Re: Allow to pass different passwords for --sign-key and --encrypt-key
Next by Date: Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?
Previous by thread: Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?
Next by thread: Re: [Duplicity-talk] Asymmetric backups broken in 0.6.15?
Index(es):
- Date
- Thread