----- Original Message ----- > On 8/17/2010 7:54 AM, Steven S. Critchfield wrote: > > > > Need to point out proper unix tools do 1 thing and do it well. > > > > Tar is very happy punting its creation to STDOUT. You could then do > > any number of pipes to throw the data through encryption apps that > > take STDIN > > as a source. I believe there are plenty of options for GPG and SSL > > tools that will take the stream and encrypt it. Then you are just > > another redirection > > to put the stream to the output device be it a file on a drive or to > > tape. > > > > Don't bloat the simple tools, keep them simple. Let us smart people > > string them together to get the job done as we need them. > > > > The problem with straight encryption of a tar stream like that is that > if you have an error in the stream (quite possible with tape), > everything after that is scrambled (Possibly not with all encryption > schemes). I would hope something that was handling it directly would > either be doing file-by-file encryption or at least have some kind of > way of recovering the coherence of the stream. It would be terrible to > lose /var/lib/customer_data.db because of a bit error in > /etc/debian_version.
Seems if that was the way you did backups, you would probably have deeper problems. Backups of system files should be in different backups for data. How often do you change the system, and how often should you backup data? But understood about stream encrypting vs block encrypting. But again with the right tool doing small parts. I'll point out that tar supports --use-compress-program PROG This lets you embed the encryption into tar itself. -- Steven Critchfield cri...@basesys.com -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
