Hi Ged,

Thanks for your considered reply. I have some sympathy with your
perspective on Cyber Essentials, but as you say this probably isn't the
place to discuss it. Needless to say, not all business requirements
arise from internal decisions and so sometimes our hands are tied.

Currently we are having a hard time convincing ourselves that the
requirements of Cyber Essentials are compatible with use of BackupPC,
primarily due to the apparent lack of an active "vendor", which is a
real shame. Unfortunately, I don't think we can argue that mailing list
advice (which you kindly linked) on secure configuration accounts for a
genuine/approved vendor fix.

Despite the above, it's great to see that users are actively monitoring
emerging security issues and helping one another to continue to use
BackupPC securely where other business constraints allow it. Long may
this continue!

You noted, I think, that rsync-bpc should not be vulnerable to
https://ubuntu.com/security/CVE-2024-12085. But according to
https://www.cve.org/CVERecord?id=CVE-2024-12085 it seems that affected
rsync versions are "from 0 through 3.3.0", so perhaps this might be
just cause for a patch? Or I may have misunderstood.

We would be happy to consider supporting some ongoing maintenance of
BackupPC with occasional donations etc. I guess if a few other
organisations might also consider it then it may be sufficient to fund a
little ongoing maintenance / patching and occasional releases for an
interested team of developers.

Thanks again,
Steve
_______________________________________________
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: https://github.com/backuppc/backuppc/wiki
Project: https://backuppc.github.io/backuppc/