[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Unnecessarily asking for passphrase on incremental
From: |
Georg Lutz |
Subject: |
Re: [Duplicity-talk] Unnecessarily asking for passphrase on incremental backup |
Date: |
Fri, 10 Apr 2009 21:34:37 +0200 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On 2009-04-07 15:55, Kenneth Loafman wrote:
>
> Duplicity needs the key to decrypt the remote manifest file, which it
> then compares to the local manifest to guarantee that the two are in
> sync. If you are running a recent release of duplicity, --use-agent is
> available to allow gpg to query a gpg-agent instead of the user.
>
Hi Ken,
Ok, I understand that this make the data handling much more robust and
probably fixes another severe bug.
However this breaks the nice feature that duplicity didn't need access
to a secret key just for doing backups up to version 0.5.12 . I liked
it, because the backup should work fully unattended - the concerning
workstations/servers just had to be switched on at a certain time. Now I
have to make sure to manually unlock the secret key on every machine to
let the backup happen. The same issue was recently reported as bug
#26112.
Couldn't the data integrity check been done without decrypting the
remote manifest? The archive-dir could hold e.g. an additional file with
a checksum for the encrypted remote manifest. What do you think? Would
this be feasible?
Regards
Georg
--
Georg