You are viewing a plain text version of this content. The canonical link for it is here.
Posted to sysadmins@spamassassin.apache.org by Dave Jones <da...@apache.org> on 2017/05/31 18:52:58 UTC
Re: Backups & Crashplan
On 05/30/2017 05:44 PM, Kevin A. McGrail wrote:
>
>> We should add /etc and /var/www and exclude
>> /usr/local/spamassassin/backups since it's so large.
> Added/excluded as suggested. Thanks very much for the feedback
Do we need to setup crashplan to run under supervisord and have monit
email the sysadmins if it stops running again?
>> We still need to create a recovery gpg key and re-sign everything with
>> that key before we get too far down that road.
> I haven't forgotten. It can be easily decrypted and resigned with that
> key. Have you looked at the accounts/*.README files I created?
>
Yes. They look fine. I can create the recovery gpg key if you want me
to then get it over to the infra team for long-term storage. Then we
would need to resign everything with it plus the current sysadmins' keys.
> Regards,
> KAM
Dave
Re: Backups & Crashplan
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 6/1/2017 9:30 AM, Dave Jones wrote:
> Where should I put the private key then? If you are going to
> personally see Greg, then it may make more sense for you to generate
> it offline so the private key is not checked into SVN or emailed from
> me to you.
Sorry, I wasn't clear. In my head, I had been thinking about giving him
just the passphrase out of band.
If you generate a key pair with a ridiculously strong passphrase which
you can relay over the phone, we can then email the private, passphrase
protected key pair to Greg. I'll follow-up with the passphrase in
person. Then once you and I confirm we have the private key off the
server and safely onto our own network, we are safe enough I believe.
Then we should only need the public key in our key rings to encrypt it
to that sysadmins@ account.
This matched what Greg discussed a week or 3 ago.
Regards,
KAM
Re: Backups & Crashplan
Posted by Dave Jones <da...@apache.org>.
On 06/01/2017 08:20 AM, Kevin A. McGrail wrote:
> On 5/31/2017 2:52 PM, Dave Jones wrote:
>> On 05/30/2017 05:44 PM, Kevin A. McGrail wrote:
>>>
>>>> We should add /etc and /var/www and exclude
>>>> /usr/local/spamassassin/backups since it's so large.
>>> Added/excluded as suggested. Thanks very much for the feedback
>>
>> Do we need to setup crashplan to run under supervisord and have monit
>> email the sysadmins if it stops running again?
> Need? No, CP alerts me if it doesn't run a backup for a few days. I
> don't know why it stopped though...
>> Yes. They look fine. I can create the recovery gpg key if you want me
>> to then get it over to the infra team for long-term storage. Then we
>> would need to resign everything with it plus the current sysadmins' keys.
> Yes, this would be good for June 14th when I can give the GPG key
> personally to Greg.
Where should I put the private key then? If you are going to personally
see Greg, then it may make more sense for you to generate it offline so
the private key is not checked into SVN or emailed from me to you.
Dave
Re: Backups & Crashplan
Posted by "Kevin A. McGrail" <ke...@mcgrail.com>.
On 5/31/2017 2:52 PM, Dave Jones wrote:
> On 05/30/2017 05:44 PM, Kevin A. McGrail wrote:
>>
>>> We should add /etc and /var/www and exclude
>>> /usr/local/spamassassin/backups since it's so large.
>> Added/excluded as suggested. Thanks very much for the feedback
>
> Do we need to setup crashplan to run under supervisord and have monit
> email the sysadmins if it stops running again?
Need? No, CP alerts me if it doesn't run a backup for a few days. I
don't know why it stopped though...
> Yes. They look fine. I can create the recovery gpg key if you want me
> to then get it over to the infra team for long-term storage. Then we
> would need to resign everything with it plus the current sysadmins' keys.
Yes, this would be good for June 14th when I can give the GPG key
personally to Greg.