Obnamblog20210228 Iteration planning: February 28

Assessment of the iteration that is ending

The goal for the iteration that has just ended was:

By the end of this iteration, Obnam will have a plan for how to implement encryption for the initial threat model of the server operator reading backed up data. This will cover the encryption algorithm, how the encryption secret is handled, and Obnam can change its encryption in the future.

A new release will be made by the end of the iteration.

That goal was not reached. There is a plan for implementing encryption, but it needs at least one more round of review.

Also, no release was made. This time my excuse is that I need to re-invent my release automation so that making releases is less tedious. It's not a very convincing excuse.

Discussion

There was some good, constructive feedback on the encryption plan. This was very pleasing, and motivational. There was other good feedback as well, and some private discussions, which will hopefully continue and move to the public soon.

The discussion so far about encryption has highlighted that I am very much not an expert in this area. I will try to tread carefully. However, I'm also intentionally not going to aim for perfection on the first try. That doesn't ever happen. Perfection requires many iterations. Thus, I don't expect Obnam to be very secure in the next several iterations, but I do intend to make it better in each iteration.

I've been trying Obnam out on some of my own, real data, specifically my 1.3 million personal email archive. It's painfully slow. I suspect some optimization work would be good, because otherwise I won't want to use the software myself.

There are also a bunch of small issues piling up, "paper cuts", and I really should not let them pile up too much.

Goals

Goal for 1.0 (not changed this iteration)

The goal for version 1.0 is for Obnam to be an utterly boring backup solution for Linux command line users. It should just work, be performant, secure, and well-documented.

It is not a goal for version 1.0 to have been ported to other operating systems, but if there are volunteers to do that, and to commit to supporting their port, ports will be welcome.

Other user interfaces is likely to happen only after 1.0.

The server component will support multiple clients in a way that doesn't let them see each other's data. It is not a goal for clients to be able to share data, even if the clients trust each other.

Goal for the next few iterations (not changed for this iteration)

The goal for next few iterations is to have Obnam support encryption well. This will involve having a documented threat model, which has been reviewed by all stakeholders participating in the project, and Obnam defending against all the modeled threats.

This iteration

By the end of this iteration, I have merged the plan for implementing encryption. It is not necessary for the encryption to have been implemented. This is going to require learning new aspects of Rust, and new crates, and thus I expect that the actual implementation will take more than one iteration.

I will also have implemented a benchmark for simulating the workload of my email backups, and I have measurements to show where time is being spent.

I have made a new release.

Tasks for this iteration

For this iteration, I'm committed to resolving the following issues: obnam#18 (1h), obnam#36 (1h), obnam#59 (0.25h), obnam#62 (0.25h), obnam#74 (0.25h), obnam#79 (0.25h), obnam#82 (1h), obnam#83 (1h), obnam#84 (1h), obnam#87 (1h) and obnam#96 (1h).

Total of about 8 hours, rough estimate.

Created milestone 6 for this iteration.