Re: [Duplicity-talk] Ignoring GnuPG MDC errors

[Kenneth Loafman]

Hi,

Prior to GNUpg 2.2.8, the MDC (modify detection code) was optional.  Now it's on by default.  Duplicity does a hash of the entire file so the MDC is duplication of effort.  Plus the effort is difficult when maintaining backwards compatibility.  I decided that other development was more important at this time, so turned off MDC via gpg options and got rid of the problem.  You are still protected by the hash stored in the manifest.

...Thanks,

...Ken

On Tue, Sep 4, 2018 at 5:45 PM Leo Famulari via Duplicity-talk <address@hidden> wrote:

Hi,

I'm curious about the resolution of bug #1780617 [0],
"test_sigchain_fileobj test fails when GnuPG >= 2.2.8".

The bug was filed in response to a recent change in GnuPG that made gpg
check for integrity errors ("MDC errors") in encrypted archives by
default, and to consider integrity errors to be a hard failure.

This change in GnuPG caused a test failure in Duplicity, and the
response was to unconditionally ignore the result of the integrity
check. [1]

The Duplicity web page says, "Because duplicity uses GnuPG to encrypt
and/or sign these archives, they will be safe from spying and/or
modification by the server."

I don't fully understand the impact of this change on Duplicity, or how
Duplicity stores and authenticates its archives. How does Duplicity
protect against modification of backup archives?

[0] https://bugs.launchpad.net/duplicity/+bug/1780617

[1] https://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/revision/1308
_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk