[horror stories about wayward tapes with client data]

If I had machines with such customer data, I'd probably choose
differently for that data.  And I'd then be willing to spend the money
to ensure availability, which is then more challenging.

  The above examples show that having unencrypted backups is not really a
  good idea.  So please think once more about it.  The only sane way is
  the client-encrypted public-key method.

You're making unwarranted assumptions about other people's situations,
and telling them what to do without even understanding their needs.
Even if you do understand, the policy choice is theirs to make.  Some
people have data that doesn't have that strong a need to be private,
and for whom availability is far far more important.

Of course, you're free to implement what you want.  The amanda
project, though, should insist on clean architecture which enables the
other choices to be implemented without undue pain.


-- 
        Greg Troxel <gdt AT ir.bbn DOT com>