For anyone looking to migrate off borg because of this, append-only is available...

JeremyNT · 2025-06-08T13:01:32 1749387692

I'm curious if there is any reason to use Borg these days.

I had the impression that in the beginning Borg started as a fork of Restic to add missing features, but Restic was the more mature project.

Is there still anything Borg has that Restic lacks?

lutoma · 2025-06-08T15:56:40 1749398200

Borg is a fork of Attic, not restic. Restic is also written in Go while Attic/Borg is in Python.

For me the reason to use Borg over Restic has always been that it was _much_ faster due to using a server-side daemon that could filter/compress things. The downside being you can’t use something like S3 as storage (but services like Borgbase or Hetzner Storage Boxes support Borg).

That’s probably changed with the server backend, but with the same downside.

remram · 2025-06-08T14:10:22 1749391822

My number one problem with Restic is the memory usage. On some of my workloads, Restic consumes dozens of gigabytes of memory during backup.

I am very much in the market for a replacement (looking at Rustic for example).

rsync · 2025-06-07T21:37:10 1749332230

You can achieve append-only without exposing a rest server provided that 'rclone' can be called on the remote end:

  rclone serve restic --stdio

You add something like this to ~/.ssh/authorized_keys:

  restrict,command="rclone serve restic --stdio --append-only backups/my-restic-repo" ssh-rsa ...

... and then run a command like this:

  ssh [email protected] rclone serve restic --stdio ...

We just started deploying this on rsync.net servers - which is to say, we maintain an arguments allowlist for every binary you can execute here and we never allowed 'rclone serve' ... but now we do, IFF it is accompanied by --stdio.

zacwest · 2025-06-08T02:28:28 1749349708

You then use `restic` telling it to use rclone like...

    restic ... --option=rclone.program="ssh -i <identity> user@host" --repo=rclone:

which has it use the rclone backend over ssh.

I've been doing this on rsync.net since at least February; works great!

champtar · 2025-06-07T21:11:47 1749330707

If you want to use some object storage instead of local disk, rclone can be a restic server: https://rclone.org/commands/rclone_serve_restic/

mike-cardwell · 2025-06-08T08:31:21 1749371481

You say "only with the restic backend" but you can do it with a simple Nginx backend too https://www.grepular.com/Nginx_Restic_Backend - The restic server part is redundant

snickerdoodle12 · 2025-06-07T23:35:49 1749339349

I use restic+rclone+b2 with an api key that can't hard delete files. This gives me dirt-cheap effectively append-only object storage with automatic deletion of soft deleted backups after X days.

fl0id · 2025-06-08T07:12:17 1749366737

Which is exactly what the borg suggest in their issue.

twhb · 2025-06-08T05:49:31 1749361771

restic’s rest-server append-only mode unfortunately doesn’t prevent data deletion under normal usage. More here: https://restic.readthedocs.io/en/stable/060_forget.html#secu.... Their workaround is pretty weak, in my opinion: a compromised client can still delete all your historic backups, and you’re on a tight timeline to notice and fix it before they can delete the rest of your backups, too.

cvalka · 2025-06-08T02:51:43 1749351103

Use rustic instead of restic!

champtar · 2025-06-08T10:12:59 1749377579

https://github.com/rustic-rs/rustic?tab=readme-ov-file#stabi...

rustic currently is in beta state and misses regression tests. It is not recommended to use it for production backups, yet.

Too · 2025-06-08T06:07:38 1749362858

Care to explain more?