#3293 Issue open: BACKUP=DUPLICITY may source third party code
Labels: cleanup, discuss / RFC, critical / security / legal
jsmeix opened issue at 2024-07-23 09:46:
See
https://github.com/rear/rear/issues/3285#issuecomment-2244545130
The current code related to the find_duply_profile function
and the DUPLY_PROFILE* variables looks rather messy.
At least at first glance I cannot make sense of it.
@rear/contributors
it should be verified before the ReaR 3.0 release
if third party code could be sourced here
or if all is reasonably safe.
gdha commented at 2024-08-13 09:08:
Details can be found at
https://www.thomas-krenn.com/en/wiki/Backup_on_Linux_with_duply#conf_File
Duply is a wrapper around duplicity.
It is up to the end-user to enter his/her password in the configuration
file of duply. We advise never to write passwords in plain text
files, but rather use secure key pairs.
[Export of Github issue for rear/rear.]