Areca Backup [LSARC/2008/681 Self Review]

Grant Zhang Grant.Zhang at sun.com
Wed Nov 5 04:51:35 PST 2008 

I agree with Mark. The point of porting many FOSS packages into Open 
Solaris is to make people comfortable enough in using the very same 
tools in Open Solaris.

Back to this case, Areca is a backup utility, not a crypto utility. 
Encryption is just one feature provided by Areca, although as you 
observed, not very strong encryption. It is possible to use Areca to 
back up the files totally unencrypted, which is not uncommon in personal 
backup space. For folks with strong security needs, encrypt(1) or mac(1) 
can still be used on the backups.

Areca is an active project and a lot of people are using it on Windows 
and Linux. Please don't reject it so we have one less choice on OpenSolaris.

Thanks,

Grant


Mark A. Carlson wrote:
> Darren,
>
> This case is to provide familiarity to Linux users coming to OpenSolaris
> and wanting to have the utilities here that they have in Linux. Once they
> are comfortable and discover some of the superior tools that OpenSolaris
> has that might be more appropriate, they will convert to those.
>
> But if they need to learn all new tools when they first get here, they
> will not stay.
>
> Darren J Moffat wrote:
>> Given the unsafe nature of the crypto in this project and the fact 
>> that it does not support ZFS ACLs or attributes I see no point in 
>> integrating this into OpenSolaris/Solaris. 
> See above.  It's not a competition for only the best tool to be chosen 
> for OpenSolaris, but more
> a matter of many tools, some good, some much better.
>>  It would in my opinion be more harmful to have it than not have it.  
>> It also provides a false sense of security due to the weak way that 
>> the passphrases are turned into encryption keys (ie there is no 
>> salting so no protection against brute force key attack).
>>
>> For personal backups it would be safer to use tar and if encryption 
>> is needed then the encrypt(1) and mac(1) commands can be used for to 
>> provide safer (than what this case provides) encrypted versions of 
>> the tar files using a documented and committed format.   Instead of 
>> this project maybe we should build a simple personal backup tool 
>> around the clis we already have in OpenSolaris.
>>   
> There are better tools, but that is not a reason to reject familiarity 
> cases,.
>
> -- mark

More information about the opensolaris-arc mailing list