[Duplicity-talk] Ignoring GnuPG MDC errors

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-talk] Ignoring GnuPG MDC errors

From:	Leo Famulari
Subject:	[Duplicity-talk] Ignoring GnuPG MDC errors
Date:	Tue, 4 Sep 2018 18:44:48 -0400
User-agent:	Mutt/1.10.1 (2018-07-13)

Hi,

I'm curious about the resolution of bug #1780617 [0],
"test_sigchain_fileobj test fails when GnuPG >= 2.2.8".

The bug was filed in response to a recent change in GnuPG that made gpg
check for integrity errors ("MDC errors") in encrypted archives by
default, and to consider integrity errors to be a hard failure.

This change in GnuPG caused a test failure in Duplicity, and the
response was to unconditionally ignore the result of the integrity
check. [1]

The Duplicity web page says, "Because duplicity uses GnuPG to encrypt
and/or sign these archives, they will be safe from spying and/or
modification by the server."

I don't fully understand the impact of this change on Duplicity, or how
Duplicity stores and authenticates its archives. How does Duplicity
protect against modification of backup archives?

[0] https://bugs.launchpad.net/duplicity/+bug/1780617

[1] 
https://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/revision/1308

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Ignoring GnuPG MDC errors, Leo Famulari <=
- Re: [Duplicity-talk] Ignoring GnuPG MDC errors, Kenneth Loafman, 2018/09/05
  - Re: [Duplicity-talk] Ignoring GnuPG MDC errors, Leo Famulari, 2018/09/06

Prev by Date: Re: [Duplicity-talk] File-based de-duplication
Next by Date: [Duplicity-talk] Simulate backup - create filelist
Previous by thread: [Duplicity-talk] File-based de-duplication
Next by thread: Re: [Duplicity-talk] Ignoring GnuPG MDC errors
Index(es):
- Date
- Thread