Hi,
We've evaluated BackupPC and have found it to be excellent. We
particularly like its approach to pooling data and the ability to use
standard protocols (e.g. rsync + ssh) for data transfer.
We would like to use it in a commercial setting, but are constrained by
having to adhere to information security standards, in particular Cyber
Essentials (https://www.ncsc.gov.uk/cyberessentials/overview), which
requires for all software that "... a vendor has committed to support by
providing regular vulnerability fixes. The vendor must provide the future
date when they will stop providing these.". The vendor here needn't be a
commercial entity - an open source project is a vendor as far as the
standard is concerned.
This is currently a problem for us, since it would not appear that there
has been a BackupPC release since v4.4.0 in June, 2020, and it is not
clear that, for example, rsync-bpc has been patched for any security
updates for CVEs that may have arisen in rsync since then (e.g.
https://ubuntu.com/blog/rsync-remote-code-execution).
Are there any plans to produce a new release of BackupPC (and rsync-bpc
etc.) that pulls in security updates associated with its dependencies?
Thanks,
Steve
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: https://github.com/backuppc/backuppc/wiki
Project: https://backuppc.github.io/backuppc/