Left off a citation to an old thread.

> -----Original Message-----
> From: Pyeron, Jason J CTR (US)
> Sent: Monday, November 26, 2012 2:25 PM
>
> I may need to be nudged in a better direction, but please try to
> understand my intentions.
>
> I am facing a situation where I would like to use git bundle but at the
> same time inspect the contents to prevent a spillage[1].
>
> Given we have a public repository which was cloned on to a secret
> development repository. Now the developers do some work which should
> not be sensitive in any way and commit and push it to the secret
> repository.
>
> Now they want to release it out to the public. The current process is
> to review the text files to ensure that there is no "secret" sauce in
> there and then approve its release. This current process ignores the
> change tracking and all non-content is lost.
>
>
> In this situation we should assume that the bundle does not have any
> content which is already in the public repository, that is it has the
> minimum data to make it pass a git bundle verify from the public
> repository's point of view. We would then take the bundle and pipe it
> through the "git-bundle2text" program which would result in a "human"
> inspectable format [3] as opposed to the packed format[2]. The security
> reviewer would then see all the information being released and with the
> help of the public repository see how the data changes the repository.
>
> Am I barking up the right tree?
>
>
> 1: http://en.wikipedia.org/wiki/Spillage_of_Classified_Information
> 2: http://git-scm.com/book/ch9-4.html

3: http://git.661346.n2.nabble.com/How-to-extract-files-out-of-a-quot-git-bundle-quot-no-matter-what-td1679188.html
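The review step described in the message above, sketched with stock git commands as an added example (not code from the original message or from the git project). The function name `bundle2text` borrows the message's hypothetical "git-bundle2text", the `refs/incoming/*` namespace is an arbitrary choice, and the public clone's local branches and tags are assumed to represent what has already been released.

```shell
#!/bin/sh
# bundle2text (hypothetical name): print, as plain text, everything a bundle
# would add to the public repository, for a security reviewer to read.
# Usage: bundle2text <path-to-public-clone> <bundle-file>
bundle2text() {
    public=$1
    bundle=$2
    # Make the bundle path absolute; it is read from inside the scratch repo.
    case $bundle in /*) ;; *) bundle=$PWD/$bundle ;; esac
    scratch=$(mktemp -d) || return 1
    # Work in a throwaway bare copy so the public clone is never modified.
    git clone -q --bare "$public" "$scratch/review.git" || return 1
    (
        cd "$scratch/review.git" || exit 1
        # Fails when the bundle's prerequisite commits are not in public history.
        git bundle verify "$bundle" >/dev/null 2>&1 ||
            { echo "bundle does not verify against the public repository"; exit 1; }
        echo "== refs carried by the bundle =="
        git bundle list-heads "$bundle"
        # Import into a separate namespace; --no-tags keeps tag auto-following
        # from creating refs/tags/* entries that would hide commits below.
        git fetch -q --no-tags "$bundle" '+refs/*:refs/incoming/*' || exit 1
        echo "== commits not yet public (metadata and full patches) =="
        # fuller format shows author and committer identity and dates, which
        # are released too; -m prints the diffs of merge commits as well.
        git --no-pager log -p -m --stat --format=fuller \
            --glob='refs/incoming/*' \
            --not --exclude='refs/incoming/*' --all
    )
    rc=$?
    rm -rf "$scratch"
    return $rc
}

# Run directly when called with the two arguments.
if [ "$#" -eq 2 ]; then bundle2text "$@"; fi
```

Annotated tag messages are not printed by `git log`; any tag refs listed in the first section need a separate `git show` before release.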