Obnamblog20210328 Iteration planning: March 28—April 11

Agenda

  • Assess previous iteration.
  • Discuss goals for new iteration, next few iterations, and long term.
  • Review all open issues, and update them as needed.
  • Create new milestone and choose issues to resolve.

Assessment of the iteration that has ended

The goal for the iteration that has just ended was:

By the end of this iteration, Obnam will have a plan for how to implement encryption for the initial threat model of the server operator reading backed up data. This will cover the encryption algorithm, how the encryption secret is handled, and Obnam can change its encryption in the future.

A new release will be made by the end of the iteration.

That goal was reached, if rather late.

Discussion

Due to unforeseen circumstances (CI broke down badly), it took over a week to actually finish making the release and building Debian packages. That should now be properly fixed and shouldn't happen again. Obnam uses Lars's personal CI, which is opaque and strange, but is what Lars trusts to publish stuff on his personal sites. For more transparent development it may be good to later set up something that is more publicly accessible, perhaps using GitLab CI, but that will need to wait for volunteers.

During this iteration Lars did some performance profiling, because Obnam is rather slower than he's willing to accept. Lars has some multi-gigabyte files that change about every 30 seconds: notmuch index files.

The current main cause of slowness is that the client is single-threaded and spends most of its time computing SHA256 checksums of live data. Computing the checksums is necessary for de-duplication, and they can't be skipped, but it would be good for the client to make use of all the CPU cores available. That was always the intention, but it would be good to start moving in that direction sooner rather than later. Lars's current plan is to make use of the Rust async features for this.

Goals

Goal for 1.0 (not changed this iteration)

The goal for version 1.0 is for Obnam to be an utterly boring backup solution for Linux command line users. It should just work, be performant, secure, and well-documented.

It is not a goal for version 1.0 to have been ported to other operating systems, but if there are volunteers to do that, and to commit to supporting their port, ports will be welcome.

Other user interfaces is likely to happen only after 1.0.

The server component will support multiple clients in a way that doesn’t let them see each other’s data. It is not a goal for clients to be able to share data, even if the clients trust each other.

Goal for the next few iterations (not changed for this iteration)

The goal for next few iterations is to have Obnam support encryption well. This will involve having a documented threat model, which has been reviewed by all stakeholders participating in the project, and Obnam defending against all the modeled threats.

Goal for the iteration that is starting

The goal for this iteration is to implement a reasonable obnam init, which reads a passphrase from the user, and derives two keys from it, and stores them into ~/.config/obnam/secrets.yaml, with file-system permissions of 0400 (or -r------ in ls notation). It is not part of the goal to actually use those keys in any way.

Commitments for this iteration

milestone 7 represents this iteration on GitLab.

For this iteration, Lars is committed to resolving the following issues: obnam#100 (4h). obnam#101 (1h).

That is a total of about 5h hours, rough estimate.

Meeting participants

  • Lars Wirzenius