[slightly re-arranged segments below] On Sat, Sep 25 2021 at 09:03:37 PM, Default User <hunguponcont...@gmail.com> wrote: > > In Vorta, under the "Sources" tab, there is an area (window) for input > into which you can type or paste text, such as: > > **/.cache > > to denote exclusions, that is, things you do not want to back up. > This is from /home/debian_user/.config/backintime/config: > > . . . > profile1.snapshots.exclude.1.value=.gvfs > profile1.snapshots.exclude.2.value=.cache/* > profile1.snapshots.exclude.3.value=.thumbnails* > profile1.snapshots.exclude.4.value=.local/share/[Tt]rash* > profile1.snapshots.exclude.5.value=*.backup* > profile1.snapshots.exclude.6.value=*~ > profile1.snapshots.exclude.7.value=.dropbox* > profile1.snapshots.exclude.8.value=/proc/* > profile1.snapshots.exclude.9.value=/sys/* > profile1.snapshots.exclude.10.value=/dev/* > profile1.snapshots.exclude.11.value=/run/* > profile1.snapshots.exclude.12.value=/etc/mtab > profile1.snapshots.exclude.13.value=/var/cache/apt/archives/*.deb > profile1.snapshots.exclude.14.value=lost+found/* > profile1.snapshots.exclude.15.value=/tmp/* > profile1.snapshots.exclude.16.value=/var/tmp/* > profile1.snapshots.exclude.17.value=/var/backups/* > profile1.snapshots.exclude.18.value=.Private > . . . > > Of course that is expressed in backintime's own configuration > "language", and would probably need to be translated into borgbackup's > equivalent "language". > ... > And that isn't even (afaik) Fnmatch! > (BTW, I have read what you referenced as ' Run "borg help patterns" '. > I'm afraid it wasn't very helpful to me.)
I mean you should run the command "borg help patterns" (without quotes) from a terminal. That produces detailed explanation of what kinds of patterns borg supports, including examples. The same content is also available in the borg-patterns manpage. It also mentions the --dry-run option that you can use to try your patterns out. fnmatch is similar to shell pattern matching, like the backintime configuration fragment you've shown above. You can take those as-is if you want all of those to apply. The patterns above that start with / will not apply to your scenario, where you're backing up /home/debian-user. >> [https://defuse.ca/audits/encfs.htm] talks about issues with encfs >> design. There is nothing backintime can do to fix those. >> >> borg can encrypt its backup images, and it recommendeds enabling that. >> So an adversary would not get access to the encfs ciphertext directly. >> They could get access to borg ciphertext instead, which may or may not >> be vulnerable to the same problems. AFAIK there hasn't been a security >> audit of borgbackup itself. The page at >> https://borgbackup.readthedocs.io/en/stable/internals/security.html#borgcrypto >> describes the design of borg security. >> > > I shall take for granted that backintime developers do not code encfs. > Fine. But after 7 years (at least), why haven't they replaced encfs > with a "safer" encryption scheme, or at least just removed it and > simply not replaced it at all? IMHO, either option would seem far > better than the status quo. I had misunderstood the scenario. I'd read it as you using backintime to backup encfs-encrypted content, not realizing that backintime uses encfs to provide encrypted backups. -- regards, kushal
