Closed alexej996 closed 6 years ago
cbeams
commented
6 years ago Looks good, but backups should be stored somewhere that both operators can access, vs a "local drive", yeah? That way either operator can respond in a recovery scenario and both operators can check to make sure backups are actually happening. I don't have a suggestion about where this shared location should be.
alexej996
commented
6 years ago Well, they are already on the server automatically at /var/discourse/shared/standalone/backups/default/ and should be safe there even if Discourse crashes, it is just some extra security to keep a local copy. But it would be always better to have more of backups.
We could add a requirement for the secondary operator to download them as well, but I didn't want to give any regular obligation to him, but we could, if he is up for it. Only other option would be to upload backups at some file sharing services or a new server, but brings new worries and perhaps unnecessary costs. These backups contain hashed passwords, so we are expending the attack surface with every copy.
cbeams
commented
6 years ago Ok, understood, I agree that all makes sense. Thanks!
cbeams
commented
6 years ago @emzy, please ACK & I'll merge.
Emzy
commented
6 years ago ACK
Add specification for secondary operator and clarify requirement of downloading backups.