Ransomware could delete restic repositories. I could snapshot the repository in the backend on the cloud or with ZFS. I worry the backend might explode, since small changes at source get encrypted to new 4MB files that have to be kept around.
Anyone doing this? What’s the size of the repository and how frequently do you back up?
Not sure what you are worried about. Whatever is added to the repository needed to be added because you back up data, not because you snapshot the repository. So, what you need in addition to that is what you need to keep data around after pruning, which effectively equals the amount of data you prune (this amount is what would otherwise be deleted instead of kept).
Regardless, just do it and see what you make of it? You can just delete snapshots if it becomes a problem.
If I change a word in a doc file, does restic add a new pack file or a new blob?!
Just to have an idea of the amount of the change.
I think this section from the spec should answer your question: Reference: Design - Backups and Deduplication
I back up to an AWS S3 bucket with versioning enabled. Some repos I back up locally then mirror up, some are direct. Either way, if it’s deleted / encrypted I can go back to an older version.
Depending on how smart an attacker is, going back to a state before the attack might be the only option that works reliably.
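Going back to a pre-attack state on a versioned S3 bucket, as discussed in the two posts above, means picking for every key the version that was current at a chosen cutoff time. The following is an added example, not code from the thread or from restic; it works on lists shaped like the `Versions` and `DeleteMarkers` fields of an S3 ListObjectVersions response, and the keys, version ids and timestamps are constructed sample data.

```python
from datetime import datetime, timezone

def state_at(versions, delete_markers, cutoff):
    """Return {key: version_id} for every object that existed at `cutoff`."""
    events = [(v["Key"], v["LastModified"], v["VersionId"], False) for v in versions]
    events += [(d["Key"], d["LastModified"], d["VersionId"], True) for d in delete_markers]
    latest = {}
    for key, ts, vid, is_delete in events:
        if ts > cutoff:
            continue  # written after the cutoff, so not part of the trusted state
        if key not in latest or ts > latest[key][0]:
            latest[key] = (ts, vid, is_delete)
    # A key whose newest event before the cutoff is a delete marker did not exist.
    return {k: vid for k, (_, vid, is_delete) in latest.items() if not is_delete}

def restore_plan(versions, delete_markers, cutoff):
    """List (action, key, version_id) steps that return the bucket to `cutoff`."""
    want = state_at(versions, delete_markers, cutoff)
    end_of_time = datetime.max.replace(tzinfo=timezone.utc)
    now = state_at(versions, delete_markers, end_of_time)
    plan = []
    for key in sorted(set(want) | set(now)):
        if key not in want:
            plan.append(("remove", key, now[key]))    # created after the cutoff
        elif now.get(key) != want[key]:
            plan.append(("restore", key, want[key]))  # overwritten or deleted since
    return plan

def _t(hour):
    return datetime(2024, 1, 1, hour, tzinfo=timezone.utc)

# Constructed sample: a small repository written at 09:00-10:00, then at 12:00
# one file is overwritten, one pack is deleted and one new object appears.
VERSIONS = [
    {"Key": "config", "VersionId": "c1", "LastModified": _t(9)},
    {"Key": "config", "VersionId": "c2", "LastModified": _t(12)},
    {"Key": "data/aa/pack1", "VersionId": "p1", "LastModified": _t(9)},
    {"Key": "snapshots/s1", "VersionId": "s1", "LastModified": _t(10)},
    {"Key": "note.txt", "VersionId": "n1", "LastModified": _t(12)},
]
DELETE_MARKERS = [{"Key": "data/aa/pack1", "VersionId": "d1", "LastModified": _t(12)}]

if __name__ == "__main__":
    for step in restore_plan(VERSIONS, DELETE_MARKERS, _t(11)):
        print(step)
```

The plan only works while the old versions still exist, so the credentials restic uses should not be allowed to delete object versions (`s3:DeleteObjectVersion`).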
The answer is both. Data blobs are always stored in pack files.