On Fri, 2006-04-28 at 14:01 +0200, Bas Wijnen wrote:
> I think it's a very bad idea to give the system administrator read access to
> all your files, just because he wants to make backups. There already is a
> form which can be used for recovering, because we have a persistent system.
> Making a backup should simply consist of copying the snapshot.

I agree that the administrator should not be able to read my files unless I give permission. Allowing the system administrator to copy the snapshot is equivalent to allowing them to browse the raw disk.

If you need a personal backup, and you do not want the administrator to be able to read your files, then what you want is a way that (a) the administrator can make a copy, but (b) it will be encrypted using a private key known to you before the bits are disclosed to the administrator.

Unfortunately Marcus is terribly confused, and believes that the mechanisms needed to support this are intrinsically evil. Any system that can support this successfully can also support DRM.

shap

_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
