Closed Javantea closed 9 years ago
Thanks for the attention to detail! I'm closing this as won't fix: You're right that it's not strictly correct to hardcode my key id, but I don't think it's worth the time to fix. If somebody wants to help set this up on their own system, I will help them factor out stuff like this that is too specific to my config.
util/cron.sh:12
If a person were to deploy this on their system, their backups would be encrypted with your public key KeyID f1faf31d assuming they had your public key in their user's public key chain. Also, you use the 32-bit keyid which can be spoofed. A 64-bit key id is much better. The KeyID should be a configuration value and the key should be retrieved and the fingerprint should be verified. This all can be done with a bit of shell script and documentation.