[arch-devops] Secondary backup ideas
Florian Pritz
bluewind at xinu.at
Thu Jan 11 20:31:57 UTC 2018
On 11.01.2018 20:47, Thore Bödecker via arch-devops wrote:
> Use duplicity/duply on the servers for our secondary backup-chain.
I used to have duplicity for my personal backups and compared to borg is
felt awfully slow and we need at least twice the space of a full backup
plus the incrementals which might be a problem in the future.
> This would be a considerable benefit over borg for the secondary
> backup chain as the servers themselves are not able to decrypt their
> own backups, hence an attacker couldn't do that either.
I'm not sure why an attacker would be interested in the backup data when
they have access to the source data. Unless they are really interested
in history and not current data that seems moot. Future data would be
easy to get if they just stay hidden until that data is current.
Thinking about the rsnapshot/borg-bug situation some more, it might be
nice if we have monthly/bi-weekly tarballs on glacier for 2-3 months so
that we can roll back to an old borg version/operating system that
worked. Also that would be a totally second chain, similar to what you
aimed at with duplicity. The low frequency would also allow us to keep
the additional load relatively low.
Florian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 858 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20180111/a778b314/attachment.asc>
More information about the arch-devops
mailing list