How to freeze/lock repo when check --read-data fails?

I setup restic a couple months ago, and have been really happy with it. Recently I added autorestic, and went from cron to systemd to automate several steps.

One thing I hoped to do – I run various check --read-data-subset ops regularly, and email the results, but my instinct says that I can do better by freezing/locking the repo if a real error is found.

First question: is there value in freezing the repo – in other words, can new backups make anything worse? Or should I let backups, checks and forget/prunes carry on?

Second question: is there a known/good way to block/freeze? Notions I had before coming here:

• wrap my scripts with my own lock/prereq, but that feels silly
• || chmod 000 on the repo directory and/or index

All feedback & ideas welcome!

Cheers,
Ben

New backups don’t modify existing files. So they can’t damage the repository further, but depending on the kind of damage, the new snapshots won’t be restorable. Although, there’s a good chance that at least a large part of the snapshots are fine.

prune verifies the repository integrity before making any modifications, although it’s less thorough than check --read-data, but it nevertheless includes lots of checks to not make things worse.