Bug#981235: deja-dup: Does not check if encryption passphrase matches previous ones when making a fresh full backup

Jaycee Santos jlsantos at protonmail.com
Thu Jan 28 02:02:50 GMT 2021 

Package: deja-dup
Version: 38.3-1
Severity: important

Dear Maintainer,

The current version of deja-dup in buster is affected by
https://wiki.gnome.org/Apps/DejaDup/PassphraseProblems2019.

When deja-dup decides to make a full backup after a while, it asks for an
encryption passphrase.

However, duplicity does not verify whether or not the passphrase is the same as
the one used in previous backups.

This can lead to a mismatching backup chain. Backups may be jeopardized if one
happens to make a typo when deja-dup makes a fresh backup once in a while.

The GNOME Wiki page states that deja-dup addressed the passphrase verification
problem in its 39.1 release.

Is it possible to have this fixed in buster?



-- System Information:
Debian Release: 10.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-13-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages deja-dup depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.30.1-2
ii  duplicity                                    0.7.18.2-1
ii  libatk1.0-0                                  2.30.0-2
ii  libc6                                        2.28-10
ii  libglib2.0-0                                 2.58.3-2+deb10u2
ii  libgoa-1.0-0b                                3.30.1-2
ii  libgoa-backend-1.0-1                         3.30.1-2
ii  libgtk-3-0                                   3.24.5-1
ii  libnautilus-extension1a                      3.30.5-2
ii  libpackagekit-glib2-18                       1.1.12-5
ii  libpango-1.0-0                               1.42.4-8~deb10u1
ii  libpeas-1.0-0                                1.22.0-4
ii  libsecret-1-0                                0.18.7-1

Versions of packages deja-dup recommends:
ii  gvfs-backends  1.38.1-5
ii  packagekit     1.1.12-5
ii  policykit-1    0.105-25

Versions of packages deja-dup suggests:
pn  python-boto         <none>
pn  python-cloudfiles   <none>
pn  python-swiftclient  <none>

-- no debconf information

More information about the pkg-gnome-maintainers mailing list