It does seem like duplicity isn't doing a very good job of protecting the user here. It doesn't explicitly validate the latest full-backup password against older backup chains.
It *will* validate the password if it has lost its local already-decrypted copy of the metadata for old backups and has to re-download and re-decrypt them. So as a workaround, I've added some logic in deja-dup to blow away the cache before doing a fresh full backup.
But probably duplicity should be smarter in this case.