On Mon, 11 Nov 2019 00:57:03 -0500, Michael Terry writes:
>But then duplicity fixed the issue with gpg encryption keys and Debian never
>dropped its patch.

i disagree with that assessment: the way i read validate_encryption_settings
in dup_main, resuming a backup with gpg encryption only (and no signing) will
fail without the 01-reverify patch, because restore_get_enc_fileobj will
fail without passphrase for decryption.

>test the gpg encryption key issue (this one needs you to specify both
>KEY and PASSPHRASE environment variables -- your gpg key id and
>passphrase respectively).

your scenario doesn't cover the case i'm trying to keep working, i.e. a
gpg-encrypted but not signed backup where duplicity just has a key to
encrypt to and does not know any passphrases by design. given that that
setup is one of the few relatively safe ones i certainly don't want to
break that.

when i find some time i will try to reassess the need for 01-reverify
further but right now i don't see how validate_encryption_settings is
supposed to succeed for gpg-encrypted-but-not-signed backups. 

regards
az


-- 
Alexander Zangerl + GPG Key 2FCCF66BB963BD5F + http://snafu.priv.at/
Unix and C are the ultimate computer viruses. -- Richard Gabriel
