savchenko
commented
3 years ago The page above is 404. Also, do you reckon backups are a little out-of-scope for the TODO application?
Open djmitche opened 3 years ago
savchenko
commented
3 years ago The page above is 404. Also, do you reckon backups are a little out-of-scope for the TODO application?
djmitche
commented
3 years ago It's at https://github.com/djmitche/taskchampion/blob/c2c2a00ed507929e68358931e174e1ada5b6b57c/docs/src/plans.md now
This is definitely a longer-range feature, but I think it's an important one for a robust sync system. With backups, even if the server loses all of its data, sync can continue, as it will just restore from a backup stored with one of the replicas.
djmitche
commented
2 years ago Adding this to the protocol later won't be a breaking change (it will just be a header from the server saying "hey plz 2 back me up?" which older replicas can ignore), so I don't think this needs to go in this milestone.
djmitche
commented
5 months ago Moving this back out of plans.md and into an issue.
In this design, the server is little more than an authenticated storage for encrypted blobs provided by the client. To allow for failure or data loss on the server, clients are expected to cache these blobs locally for a short time (a week), along with a server-provided HMAC signature. When data loss is detected -- such as when a client expects the server to have a version N or higher, and the server only has N-1, the client can send those blobs to the server. The server can validate the HMAC and, if successful, add the blobs to its datastore.
(updated to include the proposal directly, instead of via a link)