You are viewing a plain text version of this content. The canonical link for it is here.
Posted to sysadmins@spamassassin.apache.org by "Kevin A. McGrail" <ke...@mcgrail.com> on 2017/06/01 13:20:21 UTC
Re: Backups & Crashplan
On 5/31/2017 2:52 PM, Dave Jones wrote:
> On 05/30/2017 05:44 PM, Kevin A. McGrail wrote:
>>
>>> We should add /etc and /var/www and exclude
>>> /usr/local/spamassassin/backups since it's so large.
>> Added/excluded as suggested. Thanks very much for the feedback
>
> Do we need to setup crashplan to run under supervisord and have monit
> email the sysadmins if it stops running again?
Need? No, CP alerts me if it doesn't run a backup for a few days. I
don't know why it stopped though...
> Yes. They look fine. I can create the recovery gpg key if you want me
> to then get it over to the infra team for long-term storage. Then we
> would need to resign everything with it plus the current sysadmins' keys.
Yes, this would be good for June 14th when I can give the GPG key
personally to Greg.
Re: Backups & Crashplan
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/1/2017 9:30 AM, Dave Jones wrote:
> Where should I put the private key then? If you are going to
> personally see Greg, then it may make more sense for you to generate
> it offline so the private key is not checked into SVN or emailed from
> me to you.
Sorry, I wasn't clear. In my head, I had been thinking about giving him
just the passphrase out of band.
If you generate a key pair with a ridiculously strong passphrase which
you can relay over the phone, we can then email the private, passphrase
protected key pair to Greg. I'll follow-up with the passphrase in
person. Then once you and I confirm we have the private key off the
server and safely onto our own network, we are safe enough I believe.
Then we should only need the public key in our key rings to encrypt it
to that sysadmins@ account.
This matched what Greg discussed a week or 3 ago.
Regards,
KAM
Re: Backups & Crashplan
Posted by Dave Jones <da...@apache.org>.
On 06/01/2017 08:20 AM, Kevin A. McGrail wrote:
> On 5/31/2017 2:52 PM, Dave Jones wrote:
>> On 05/30/2017 05:44 PM, Kevin A. McGrail wrote:
>>>
>>>> We should add /etc and /var/www and exclude
>>>> /usr/local/spamassassin/backups since it's so large.
>>> Added/excluded as suggested. Thanks very much for the feedback
>>
>> Do we need to setup crashplan to run under supervisord and have monit
>> email the sysadmins if it stops running again?
> Need? No, CP alerts me if it doesn't run a backup for a few days. I
> don't know why it stopped though...
>> Yes. They look fine. I can create the recovery gpg key if you want me
>> to then get it over to the infra team for long-term storage. Then we
>> would need to resign everything with it plus the current sysadmins' keys.
> Yes, this would be good for June 14th when I can give the GPG key
> personally to Greg.
Where should I put the private key then? If you are going to personally
see Greg, then it may make more sense for you to generate it offline so
the private key is not checked into SVN or emailed from me to you.
Dave