[Cosmo-dev] adding password retrieval to cmp

[Jared Rhine]

Brian Moseley wrote:
> i think you're conflating the small issue of making passwords
> available via cmp with the large issue of backup and restore of user
> data.

It will not be possible to implement full backup/restore without the ability
to both get all user passwords out of the system and put them back in.
Everyone who has chimed in so far has indicated that it would be considered
a security flaw to be able to retrieve passwords, so I wonder how people
expect to be able to implement network backups at all?

The model in my head for backups is "user-specific data backup + account
info backup + user-specific data restore + account info restore = full
backups".  Other models are possible, so let's hash this out quickly if
you've another idea.

We currently have account info restore but an incomplete account info
backup.  Vinu's patch was briefly discussed as a user-specific data backup
mechanism, though I agree we need a different form (still assuming the
sharing format will be used, though I suspect we'll need multiple resources
in one file to get consistent backups).  Seems the feature under
consideration is an easy, low-hanging-fruit way to progress backups with
almost no costs beyond this discussion.  (If this feature had been included
back in Oct, our production systems would have had backups running all these
months since.)

I don't really want you to build me a backup system per-se.  I hope to see
inclusion of the network features needed for anyone, myself included, to be
able to implement a network-based backup with some simple scripts that might
be included in the distro.

If I provide a patch to make the availability of this feature dependent on a
property setting, will you include it then?  Why defer?

-- Jared