provide easy+secure backup/restore mechanism
What sorts of things does a schleuder installation need to back up to protect against bad things happening?
how can it avoid having the backups be a source of weakness to the encrypted mailing list itself?
how can we make it easy to restore a schleuder instance from such a backup?
It's tempting to just say "copy everything in /etc/schleuder and /var/lib/schleuder", but that would mean copying secret key material, API keys, etc., which would make the backup itself a very tempting target: whoever obtains it can decrypt messages sent to a schleuder list, or gain access to the REST API.
In the event of a catastrophic failure, it might make the most sense to
- generate a new key for each list
- revoke the old keys
- to re-generate all API keys
If we want to streamline this process, then the backup might need to contain revocation certificates for the keys in question (not the secret keys themselves) and avoid shipping API keys entirely. A revocation certificate is still sensitive, though: anyone holding it can revoke the list key (a denial of service, not a loss of confidentiality), so the backup still needs access control, just with a much smaller blast radius than one containing secret keys. The backup might also not need to contain all the keyrings, or maybe just pointers to them?
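As an added illustration of that split (this is example code, not schleuder's own), here is a Ruby sketch of a backup that copies the configuration, the database and the public parts of every list keyring, refuses to copy secret key material, blanks api.valid_api_keys in schleuder.yml, keeps the revocation certificates GnuPG 2.1+ writes to openpgp-revocs.d at key generation, and derives an ordered restore plan from the resulting manifest. The on-disk layout it walks (schleuder.yml under etc/schleuder, db.sqlite and lists/<domain>/<list> as per-list GnuPG homedirs under var/lib/schleuder) and the "password" scrubbing are assumptions about a typical install; the sample tree is constructed for the demo and contains no real key data.

```ruby
require 'yaml'
require 'json'
require 'find'
require 'fileutils'
require 'tmpdir'

# Added example, not schleuder's own code. Assumed layout under +install+
# (typical, but not verified against any particular schleuder release):
#   etc/schleuder/schleuder.yml              main config, incl. api.valid_api_keys
#   var/lib/schleuder/db.sqlite              lists, settings, subscriptions
#   var/lib/schleuder/lists/<domain>/<list>  one GnuPG homedir per list

# Names inside a GnuPG homedir that hold secret key material or agent state.
# They are never copied, and matching directories are not descended into.
SECRET_NAMES = [
  /\Asecring\.gpg\z/,        # GnuPG < 2.1 secret keyring
  /\Aprivate-keys-v1\.d\z/,  # GnuPG >= 2.1 secret key store
  /\AS\.gpg-agent/           # agent sockets
].freeze

# GnuPG >= 2.1 stores an auto-generated revocation certificate here. Keeping it
# lets a restore revoke the old key without the secret key, but whoever holds it
# can revoke the key too, so the manifest lists these separately.
REVOC_DIR = 'openpgp-revocs.d'.freeze

def secret_path?(rel)
  rel.split('/').any? { |part| SECRET_NAMES.any? { |re| part.match?(re) } }
end

# Copy of the parsed schleuder.yml with credentials blanked. api.valid_api_keys is
# the real config key; blanking any key literally named "password" is an assumption.
def scrub_config(cfg)
  removed = []
  walk = lambda do |node, path|
    return node unless node.is_a?(Hash)
    node.each_with_object({}) do |(k, v), out|
      p = path + [k.to_s]
      if p == %w[api valid_api_keys] || k.to_s == 'password'
        removed << p.join('.')
        out[k] = v.is_a?(Array) ? [] : nil
      else
        out[k] = walk.call(v, p)
      end
    end
  end
  [walk.call(cfg, []), removed]
end

# Write a backup of +install+ to +dest+ and return the manifest: what was kept,
# what was deliberately skipped, and which config values need fresh values on restore.
def build_backup(install, dest)
  manifest = { 'files' => [], 'revocation_certs' => [], 'skipped_secrets' => [], 'scrubbed' => [] }
  conf = File.join(install, 'etc', 'schleuder', 'schleuder.yml')
  clean, removed = scrub_config(YAML.safe_load(File.read(conf)))
  FileUtils.mkdir_p(File.join(dest, 'etc', 'schleuder'))
  File.write(File.join(dest, 'etc', 'schleuder', 'schleuder.yml'), YAML.dump(clean))
  manifest['scrubbed'] = removed

  state = File.join(install, 'var', 'lib', 'schleuder')
  Find.find(state) do |src|
    next if src == state
    rel = src.sub(%r{\A#{Regexp.escape(state)}/}, '')
    if secret_path?(rel)
      manifest['skipped_secrets'] << rel
      Find.prune # skip the file, or the whole secret-key directory
    end
    out = File.join(dest, 'var', 'lib', 'schleuder', rel)
    if File.directory?(src)
      FileUtils.mkdir_p(out)
    else
      FileUtils.mkdir_p(File.dirname(out))
      FileUtils.cp(src, out)
      manifest[rel.include?("/#{REVOC_DIR}/") ? 'revocation_certs' : 'files'] << rel
    end
  end
  File.write(File.join(dest, 'manifest.json'), JSON.pretty_generate(manifest))
  manifest
end

# Ordered restore steps derived from a manifest. Returns data so a CLI or script
# can print or execute it; nothing here calls gpg or the REST API.
def restore_plan(manifest)
  steps = ["restore scrubbed schleuder.yml, then set fresh values for: #{manifest['scrubbed'].join(', ')}"]
  steps << 'restore db.sqlite (lists, settings, subscriptions)' if manifest['files'].include?('db.sqlite')
  lists = manifest['files'].map { |f| f[%r{\Alists/([^/]+/[^/]+)/}, 1] }.compact.uniq
  lists.each do |list|
    steps << "#{list}: restore public keyring"
    rev = manifest['revocation_certs'].find { |r| r.start_with?("lists/#{list}/") }
    steps << "#{list}: import and publish revocation certificate #{rev}" if rev
    steps << "#{list}: generate a new list key and announce it to subscribers"
  end
  steps
end

# Constructed sample install for the demo and test; placeholders only, no real keys.
def build_sample_install(root)
  etc = File.join(root, 'etc', 'schleuder')
  lst = File.join(root, 'var', 'lib', 'schleuder', 'lists', 'example.org', 'team')
  FileUtils.mkdir_p(etc)
  { 'private-keys-v1.d' => 'ABCDEF.key', REVOC_DIR => 'ABCDEF.rev' }.each do |dir, file|
    FileUtils.mkdir_p(File.join(lst, dir))
    File.write(File.join(lst, dir, file), "placeholder #{file}")
  end
  File.write(File.join(lst, 'pubring.gpg'), 'placeholder public keyring')
  File.write(File.join(lst, 'secring.gpg'), 'placeholder secret keyring')
  File.write(File.join(root, 'var', 'lib', 'schleuder', 'db.sqlite'), 'placeholder db')
  File.write(File.join(etc, 'schleuder.yml'), YAML.dump(
    'lists_dir' => '/var/lib/schleuder/lists',
    'api' => { 'host' => 'localhost', 'port' => 4443, 'valid_api_keys' => ['deadbeef'] }
  ))
  root
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |tmp|
    manifest = build_backup(build_sample_install(File.join(tmp, 'install')), File.join(tmp, 'backup'))
    puts JSON.pretty_generate(manifest), restore_plan(manifest)
  end
end
```

The point of the manifest is that the restore side never has to guess: it knows which values were scrubbed and must be re-provisioned, which lists have a revocation certificate available, and that no secret key ever left the box, so "back to the same state, with different keys" becomes a replayable list of steps rather than a manual checklist.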
I'm imagining this as something that might even be doable from the schleuder-cli, so that the client connecting to the REST API could make a backup of the configuration of a schleuder installation, and that backup could then be replayed upon reinstallation by the new schleuder user to get back to the same state (albeit with different keys).