Enrico Weigelt <enrico.weigelt@xxxxxxx> writes: >> Enrico Weigelt <enrico.weigelt@xxxxxxx> writes: >> >> > * blobs are encrypted with their (original) content hash as >> > encryption keys >> >> What does this even mean? >> >> Is it expected that anybody who has access to the repository can >> learn names of objects (e.g. by running "ls .git/objects/??/")? If >> so, from whom are you protecting your repository? > > Well, everybody can access the objects, but they're encrypted, > so you need the repo key (which, of course isn't contained in > the repo itself ;-p) to decrypt them. So, in short, blobs are not encrypted with the hash of their contents as encryption keys at all. >> How does this encryption interact with delta compression employed >> in pack generation? > > Probably not at all ;-o > > For the usecases I have in mind (backups, filesharing, etc) this > wouldn't hurt so much, if the objects are compressed before encryption. For that kind of usage pattern, you are better off looking at encrypted tarballs or zip archives. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html