Hi,
After discovering this option in newer versions I was really happy, as this significantly reduces backup times, especially for big CTs where most of the data is either static or files are not large - thank you!
However, I was surprised to find, after reading the documentation, that metadata mode uses mtime to detect changes.
Unfortunately there is a pitfall; mtime could be arbitrarily manipulated, be it with malicious intent or not, and changed files could be undetected.
On the other hand, ctime is guaranteed (at least on ext4) to be changed if either content or file metadata (including ACLs and any other attribute) has changed, and it cannot be set by any means (on any FS, to my knowledge).
There was once a similar issue with restic: Restic uses mtime to detect file changes, which can miss changes - it describes in detail why it is not really safe to use mtime only.
I believe it is relatively easy to use ctime to detect changes, and it should make backup a bit more robust for edge cases. Obviously, restoration of ctime is not necessary (and not possible) in this case, it needs to be stored only for comparison.
I (and probably many more users) would appreciate it if you could add this at least as an option to metadata backup mode. It would be also nice to have it when doing manual backups (not only when running the job).
Thank you!
After discovering this option in newer versions I was really happy, as this significantly reduces backup times, especially for big CTs where most of the data is either static or files are not large - thank you!
However, I was surprised to find, after reading the documentation, that metadata mode uses mtime to detect changes.
Unfortunately there is a pitfall; mtime could be arbitrarily manipulated, be it with malicious intent or not, and changed files could be undetected.
On the other hand, ctime is guaranteed (at least on ext4) to be changed if either content or file metadata (including ACLs and any other attribute) has changed, and it cannot be set by any means (on any FS, to my knowledge).
There was once a similar issue with restic: Restic uses mtime to detect file changes, which can miss changes - it describes in detail why it is not really safe to use mtime only.
I believe it is relatively easy to use ctime to detect changes, and it should make backup a bit more robust for edge cases. Obviously, restoration of ctime is not necessary (and not possible) in this case, it needs to be stored only for comparison.
I (and probably many more users) would appreciate it if you could add this at least as an option to metadata backup mode. It would be also nice to have it when doing manual backups (not only when running the job).
Thank you!
