…nfiguration so that --resume is sensitive to it rational: Conf had become a big ball of mud that was obscuring what was going on and made what should have been a trivial change very painful. We should do less implicit magic and cross-object relationships, more explicit definitions and simplifying boundaries.
rational: - prevent resume from happening under suspicious circumstances logic: - save the backup configuration as a property of /TKLBAM - if the backup configuration changes, recreate /TKLBAM - separate the CLI level and Backup concerns: - registry.backup_resume_conf is only used by the UI to decide whether we want to try to resume. Backup itself doesn't know anything about this. It just gets a boolean value. - conversely the UI doesn't need to know anything about /TKLBAM and its contents. It's up to Backup to figure out whether resuming is possible.
rationa: resolve issue with a circular import
rational: people think duplicity is stuck while it's uploading the archive
rational: increase upload performance without significantly reducing security (we don't rely on the SSL encryption anyhow)
rational: starting over from a failed multi-GB restore is a huge drag
rational: otherwise duplicity refuses to backup if the hostname changes...
rational: so people can get some sense in advance of the size of their backup
GnuPG defaults to CAST5 because this is one of the strongest royalty-free ciphers available before AES, which provides interoperability with older versions of PGP. But CAST5 sucks as a default because: 1) Bruce Schneier said so. Regarding it's design process he said "yuk". 2) It's pretty obscure as ciphers go. AES is more comforting. So we're going with AES, but which AES? There is AES-128 (the default), AES-192, and AES-256. There are no know attacks against AES-128, but since AES has known vulnerabilities related to large keys there are attacks that reduce the AES-256 to 2^99, which actually makes it even weaker than AES-128. 192 is similarly effected but less so. So now I'm suspicious of any key size larger than the default AES was designed for. AES-128 it is!
rational: should make backups faster and nobody on the Duplicity list reported any issues.
refactoring rational: too many values in a tuple is error prone and difficult to read. You have to remember the order you put things into the tuple in order to unpack.
rational: we need to execute some common arguments (e.g., archive-dir)