From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id BEE5760484 for ; Wed, 14 Oct 2020 17:31:12 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A806EB23F for ; Wed, 14 Oct 2020 17:30:42 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 9E7E5B233 for ; Wed, 14 Oct 2020 17:30:41 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 63C4345D5C for ; Wed, 14 Oct 2020 17:30:41 +0200 (CEST) To: Proxmox Backup Server development discussion , Stefan Reiter References: <20201014150416.5612-1-s.reiter@proxmox.com> From: Thomas Lamprecht Message-ID: <15bc6012-576f-9aa1-e0f6-fe6df497d3d0@proxmox.com> Date: Wed, 14 Oct 2020 17:30:40 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:82.0) Gecko/20100101 Thunderbird/82.0 MIME-Version: 1.0 In-Reply-To: <20201014150416.5612-1-s.reiter@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL -0.135 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [RFC proxmox-backup] api: datastore: determine size and blob type if not in manifest X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Oct 2020 15:31:12 -0000 On 14.10.20 17:04, Stefan Reiter wrote: > I noticed that the GUI would show the "download" icon enabled for > 'client.log.blob' files, even if they were encrypted. The button wouldn= 't work > of course, since the server can't decode encrypted blobs, so nothing wo= uld > happen except an error logged to the console. On another node, why not allow downloading an encrypted archive, the serv= er view may be easier to search for a backup, as all is available there. Then we = could provide a client command (or separate tool) to decrypt that archive, wher= ever the user downloaded it. IMO, it does not make sense to limit the user artificially here, it just = should be made clear that the downloaded archive is/will be still encrypted, e.g., = by adding a ".encrypted" file ending, or some visual GUI hint.