Hi, Chris!

Thank you for your thoughts, I strongly agree with your line of thinking.

On 06.05.2024 09:45, [email protected] wrote:
Isn't it one of the key features of BIT, compared to other backup tools, that you can access the backup itself without using your backup tool? The backup is just a bunch of files and folders you can use and investigate with your regular file system tools.

Yes, definitely. I think it's one of the main points that set backintime apart from other backup tools.

But when you use EncFS (or another way of encryption) this feature is lost. I have not used EncFS in the wild. I might be wrong.

Well, yes and no. Let's look at the two fundamental cases:

1) If you create a backintime backup, you can access the backup:
1a) WITH backintime (normal usage), or
1b) WITHOUT backintime (regular file system access, alternative tools, rescue situation).

2) If you create a "backintime+encfs backup", you can access the backup:
2a) WITH backintime+encfs (normal usage), or
2b) WITHOUT backintime but WITH encfs (manually decrypt with encfs, then regular file system access), but:
2c) WITHOUT backintime and WITHOUT encfs, you have no access to your files.

If EncFS really is the reason for losing this feature I ask myself if it wouldn't be "better" for BIT to really remove EncFS and not replace it with something else. It would give BIT a more focused set of features and behavior.

I strongly agree. In the case of EncFS, we also see the "danger" of integrating it tightly with backintime: If EncFS is insecure, a feature of backintime is insecure. If EncFS is abandoned, a feature of backintime is abandoned.

The same could (in theory) happen with any other encryption tool that we choose to integrate: GoCryptFS, cryfs or whatever.

Encryption is another job a user should achieve with another tool; e.g. encrypted file system container or an encrypted filesystem (some LUKS magic).

And it's easy to do: with LUKS integrated into the kernel, transparent FUSE mounts for filesystem-layer encryption tools etc., you can easily apply any encryption you want to a backintime backup. Just mount your target folder, and backintime go brrrrr ;)

I am aware that there are a lot of backup tools out there offering encryption. But these tools produce a backup in a format that can be used (and restored) only with the backup tool itself. So this is another group of users targeted here.

True: duplicati, borg, restic, ... basically, any tool in this list: https://github.com/restic/others that has the tag "encryption", but not "filesystem" (like backintime).

Marking EncFS as deprecated and reading the reactions of users about it will give us an idea about how much needed such a feature is.

My guess is that there will be a small proportion of hardcore users who have grown used to this feature, and who will be disappointed.

We might ease their pain by offering a ready-made user-callback script that will mount their encfs target folder (instead of backintime itself doing that). It will not be the same, though, because browsing through the encrypted backups will no longer work without mounting manually (I think).

Cheers
Michael
_______________________________________________
Bit-dev mailing list -- [email protected]
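
One possible shape for the user-callback script mentioned in the message above, as an added example that is not part of the original e-mail or of Back In Time's own code. It assumes Back In Time passes a reason code as the third argument (1 = backup begins, 7 = mount, 8 = unmount); the paths and the password helper command are hypothetical.

```shell
#!/bin/sh
# Added example, not Back In Time project code.
# Assumption: invoked as  user-callback <profile_id> <profile_name> <reason> [...]
# with reason 1 = backup begins, 7 = mount drives, 8 = unmount drives.
# Hypothetical locations and password helper; adjust to the local setup.
ENC_DIR="${ENC_DIR:-$HOME/backup.encfs}"   # encrypted EncFS root directory
MNT_DIR="${MNT_DIR:-$HOME/backup.plain}"   # plaintext view used as snapshot folder
PASS_CMD="${PASS_CMD:-secret-tool lookup encfs backup}"  # prints the password

# Map a callback reason code to the action this script takes.
action_for_reason() {
    case "$1" in
        1) echo check ;;
        7) echo mount ;;
        8) echo unmount ;;
        *) echo ignore ;;
    esac
}

is_mounted() { mountpoint -q "$MNT_DIR"; }

do_mount() {
    is_mounted && return 0        # already mounted: nothing to do
    mkdir -p "$MNT_DIR"
    encfs --extpass="$PASS_CMD" "$ENC_DIR" "$MNT_DIR"
}

do_unmount() {
    is_mounted || return 0
    fusermount -u "$MNT_DIR"
}

handle() {
    case "$(action_for_reason "$1")" in
        # Fail closed: if the EncFS view is not mounted when a backup starts,
        # snapshots would land unencrypted in the empty mount point directory.
        check)   is_mounted ;;
        mount)   do_mount ;;
        unmount) do_unmount ;;
        *)       return 0 ;;
    esac
}

# Run only when called with callback arguments; a non-zero exit reports failure.
if [ "$#" -ge 3 ]; then
    handle "$3" || exit 1
fi
```

Whether a non-zero exit on reason 1 actually stops the snapshot depends on the Back In Time version in use, so that behaviour is an assumption to verify before relying on the check.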