Locking + append-only mode


rest-server and rclone both support an append-only mode, but for obvious reasons, it’s still allowed to remove locks from the repo. I’m wondering what is the worst case scenario in case a malicious client forcefully unlocks the repository in a loop so that effectively no locking happens any more?

I think it should be safe if there are only append-only clients accessing the repo, maybe a check will fail because something changed unexpectedly but the data should be safe. But what happens if there is some trusted client with full access to the repo that for example forgets old snapshots and prunes the repo?