On Tue, Jul 21, 2009 at 10:25:50AM +0200, Matthias Andree wrote:

> >The problem is that you need to expose not just the DAG, but also the
> >hashes of trees and blobs. Because if I know you have master^, and I want
> >to send you master, then I need to know which objects are referenced by
> >master that are not referenced by master^.
>
> Yes, you need to know that. Not all of the push logic needs to be
> implemented on the server though.

Yes, though fetching is much harder, since the server is the one holding
the information about how the transfer can be optimized. Still, you
should be able to achieve roughly the same performance as http fetching
from a dumb server.

> Or look at commit frequency and push sources. There's always a leak
> of information even if I just upload a series of
> blah-2009MMDD-NNN.tar.lzma.gpg files... The data is going to be
> obsolete, say, 3 months; students then write the exam and then it's
> sort of public anyways. Even if your model does not entail not
> publishing exams (as opposed to embargoed press releases under
> development), but you can't prevent someone from writing their
> recollection of the problems from memory afterwards and sharing it
> with other students.
> [...]
> Is your concern that the object name (SHA1) is derived from the
> unencrypted version?

Yes. You are potentially leaking considerable information about the
unencrypted contents which an attacker could use to guess those contents
(especially if the file is mostly composed of low-entropy parts, like
text formatting).

-Peff
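The leak described in the last reply, as an added example that is not part of the original message or of git's code: a blob's object name is an unkeyed SHA-1 of its plaintext, so anyone who sees the name can confirm a guess at the contents without decrypting anything. The exam template, the key, and the `keyed_blob_id` contrast are assumptions constructed for illustration; the keyed variant is not something git implements or the thread proposes.

```python
import hashlib
import hmac


def git_blob_id(content: bytes) -> str:
    """Object name git gives a blob: SHA-1 over 'blob <len>\\0' + content."""
    header = b"blob %d\x00" % len(content)
    return hashlib.sha1(header + content).hexdigest()


def keyed_blob_id(key: bytes, content: bytes) -> str:
    """Hypothetical contrast (assumption, not git): name derived with a secret key."""
    header = b"blob %d\x00" % len(content)
    return hmac.new(key, header + content, hashlib.sha1).hexdigest()


# Constructed sample: a file that is mostly fixed text formatting, with one
# low-entropy field. This is the "low-entropy parts" case from the message.
TEMPLATE = "\\section*{Exam, problem 1}\nCompute the derivative of $f(x) = x^{%d}$.\n"


def candidates():
    """Every plaintext the template can produce (48 possibilities)."""
    for n in range(2, 50):
        yield (TEMPLATE % n).encode()


def confirm_guess(observed_id: str, name_fn):
    """Return the candidate whose name matches the observed object name, if any."""
    for guess in candidates():
        if name_fn(guess) == observed_id:
            return guess
    return None


SECRET = (TEMPLATE % 17).encode()   # constructed "embargoed" contents
KEY = b"constructed-repo-key"       # constructed key for the keyed contrast

if __name__ == "__main__":
    # The object name alone is enough to confirm the right guess.
    leaked = confirm_guess(git_blob_id(SECRET), git_blob_id)
    print("plaintext-derived name confirms guess:", leaked == SECRET)
    # With a keyed name, the same guesses cannot be checked without the key.
    hidden = confirm_guess(keyed_blob_id(KEY, SECRET), git_blob_id)
    print("keyed name confirms guess:", hidden is not None)
```
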