[tahoe-dev] backup, revision control

Greg Troxel gdt at ir.bbn.com
Sun Jan 16 12:53:09 UTC 2011


"Zooko O'Whielacronx" <zooko at zooko.com> writes:

> On Sat, Jan 15, 2011 at 6:26 AM, Greg Troxel <gdt at ir.bbn.com> wrote:

(Will digest rest later; my quick reaction is that I like to decouple
filesystems and backup tools a bit more than how tahoe backup seems to
work.  I also have not thought about I feel about pack files vs many
small ones.)

>> What I've done so is take a directory, tar it up, gpg encrypt it, and
>> then drop it in a grid.   Overly paranoid maybe, but cap handling isn't
>> as careful as key handling.
>
> Why not? I'd like to know more about this! Do tell. :-)

Two points:

  Command line tools for tahoe are less functional than WUI, so it's too
  tempting to use the WUI, which means firefox/etc. handles caps, which
  is obviously unsafe.  Getting to the point where I don't want to use
  the WUI beyond seeing server status is one of my gating conditions
  before real use.

  With gpg, one uses the agent which holds the private key, and goes to
  great lengths to wipe memory, avoid swapping, etc.  I have no reason
  to believe that the python code in tahoe client/server does this, but
  maybe I'm totally confused on this point.

The second point is far less serious, because it doesn't make files in
tahoe any worse than cleartext files in the local filesystem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20110116/808907f4/attachment.pgp>


More information about the tahoe-dev mailing list