On Sunday 30 September 2007 07:38, Ross Boylan wrote: > I would like to encrypt my backups on disk, but am concerned that doing > so relies on openssl and that may create problems down the line. Could > anyone clarify if it will? What's the best thing to do (which might be > avoiding encryption)? > > I realize that 100% certainty is unlikely; I'll settle for less! > > Details: > > I use bacula on Debian, and it has disabled openssl support because of > licensing problems (e.g., thread beginning > http://lists.debian.org/debian-legal/2007/07/msg00144.html, also the > "catch-22 thread" on this list in June). I am interested in encrypting > backups. I don't actually care about encrypting communication on the > wire, but from what I can tell either feature uses openssl. > > Does on-disk encryption depend on openssl? > > I thought I might build a version with openssl enabled, which I think is > OK as long as I'm not trying to redistribute it. > > Is there a risk that at some time in the future I will find bacula > doesn't work with openssl and will not be able to decrypt backups I > create with openssl? > > Apparently some people have been working on getting bacula to work with > GNUTLS, but Kern's plan is to relicense the sources so they can continue > to work with openssl. (I'm a little surprised the latter is possible > given that FSF is administering? holding? the license.). But it sounds > as if a transition to TLS is possible, maybe done by downstream > packagers (e.g., Debian). > > I don't know if GNUTLS is sufficiently compatible with openssl that it > would still be possible to decrypt stuff created with openssl. > > Anyway, is there a way I can encrypt my backup files that will likely > continue to work in the future?
You are perfectly free to enable OpenSSL encryption in your version. This is permitted by the copyright -- as long as you do not distribute it. Some time in the near future (probably a couple of days from now), the licensing restrictions on using OpenSSL will be eliminated. See my confirmation of Landon's email. I doubt that we will ever remove OpenSSL support from Bacula. However sometime in the future we may (not currently planned) add support for another encryption library, and it will most likely be NSS, which has higher certification levels than both GnuTLS and OpenSSL. > > Thanks. > Ross Boylan > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Bacula-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/bacula-devel ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Bacula-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-devel
