git-annex/doc/todo/append-only_mode/comment_4_cb00ed89aa7931fdadbf44355bdc78b2._comment

[[!comment format=mdwn
 username="anarcat"
 avatar="http://cdn.libravatar.org/avatar/4ad594c1e13211c1ad9edb81ce5110b7"
 subject="comment 4"
 date="2018-07-06T16:48:29Z"
 content="""
understood, i'll add a tips page as well.. i started some personal notes here:

https://anarc.at/services/backup/#append-only-git-repositories

regarding pushes to the git-annex branch... in my threat model, it is not a real problem. they can drop all the contents locally and destroy everything there anyways. if an attacker adds an extra repo, sure, a \"smart\" git-annex command might mistakenly drop contents in the wrong location, but the attacker could do that anyways, without adding that branch. what is actually precious are the blobs stored on the remote server: if those can't be removed, we are safe, if I understand things correctly.
"""]]
Added a comment 2018-07-06 16:48:29 +00:00			`[[!comment format=mdwn`
			`username="anarcat"`
			`avatar="http://cdn.libravatar.org/avatar/4ad594c1e13211c1ad9edb81ce5110b7"`
			`subject="comment 4"`
			`date="2018-07-06T16:48:29Z"`
			`content="""`
			`understood, i'll add a tips page as well.. i started some personal notes here:`

			`https://anarc.at/services/backup/#append-only-git-repositories`

			regarding pushes to the git-annex branch... in my threat model, it is not a real problem. they can drop all the contents locally and destroy everything there anyways. if an attacker adds an extra repo, sure, a \"smart\" git-annex command might mistakenly drop contents in the wrong location, but the attacker could do that anyways, without adding that branch. what is actually precious are the blobs stored on the remote server: if those can't be removed, we are safe, if I understand things correctly.
			`"""]]`