Please do make a mention of the alternatives that backups can either be
rotated by the machine being backed up or be rotated by a separate, more
locked down, machine. That is, the distinction where there is a key file
which has the delete permission.
It's just that I find the
possibility to split up tarsnap's read, write and delete permissions a
really good thing.