On Thu, Mar 13, 2008 at 01:16:44PM +0100, Miklos Vajna wrote:
> On Thu, Mar 13, 2008 at 12:55:11PM +0100, Johannes Schindelin <Johannes.Schindelin@xxxxxx> wrote:
> > The latter can be remedied (somewhat) by encrypting each object
> > individually. In that case, .gitattributes can help (you should be able
> > to find a mail to that extent, which I sent no more than 2 weeks ago).
> > However, you must make sure that the encryption is repeatable, i.e. two
> > different encryption runs _must_ result in _identical_ output.
>
> afaik, this is not the case for gpg.

No, and you wouldn't want to use gpg because of the overhead it adds
around an encrypted message. You would need to use a raw encryption
algorithm, or one with very minimal wrapping.

It's normally at this point that you'd need to bring in a security
expert to ask a whole lot of questions about your exact use scenario,
do a formal threat analysis, since there are all sorts of unanswered
questions about what kind of key management solution you really need
for your situation. It's usually not as simple as "just encrypt it".

How many people need to have access to the repository? Do you need
to revoke access to the repository later? Who is allowed to give a
new person access to the repository? etc., etc., etc.

- Ted
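Added example, not part of the original thread or of git: a sketch of the repeatability requirement quoted above, comparing a synthetic-IV (deterministic) scheme with a random-IV one and showing the blob ID git would compute for each output. The keys, sample content and function names are constructed for illustration, and the HMAC-based keystream is a standard-library stand-in; a real filter would use a vetted deterministic AEAD such as AES-SIV (RFC 5297).

```python
import hashlib
import hmac
import os

# Constructed demo keys (assumption: real keys come from your key management).
MAC_KEY = b"constructed-demo-mac-key"
ENC_KEY = b"constructed-demo-enc-key"

def _keystream(iv: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, a stdlib-only stand-in for a real cipher.
    out = bytearray()
    for counter in range((n + 31) // 32):
        out += hmac.new(ENC_KEY, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:n])

def _seal(iv: bytes, plaintext: bytes) -> bytes:
    stream = _keystream(iv, len(plaintext))
    return iv + bytes(p ^ s for p, s in zip(plaintext, stream))

def encrypt_deterministic(plaintext: bytes) -> bytes:
    # Synthetic IV: derived from a MAC of the plaintext, so equal inputs
    # always give equal ciphertexts (and equal plaintexts are revealed as equal).
    return _seal(hmac.new(MAC_KEY, plaintext, hashlib.sha256).digest()[:16], plaintext)

def encrypt_randomized(plaintext: bytes) -> bytes:
    # Fresh random IV on every run: every run gives a different ciphertext.
    return _seal(os.urandom(16), plaintext)

def decrypt(blob: bytes, verify: bool = True) -> bytes:
    iv, body = blob[:16], blob[16:]
    plaintext = bytes(c ^ s for c, s in zip(body, _keystream(iv, len(body))))
    # For deterministic blobs the IV doubles as an integrity tag.
    expected = hmac.new(MAC_KEY, plaintext, hashlib.sha256).digest()[:16]
    if verify and not hmac.compare_digest(iv, expected):
        raise ValueError("ciphertext was modified or is not a deterministic blob")
    return plaintext

def git_blob_id(content: bytes) -> str:
    # Object name git assigns to a blob (SHA-1 repositories):
    # SHA-1 over "blob <size>\0" followed by the content.
    return hashlib.sha1(b"blob %d\x00" % len(content) + content).hexdigest()

if __name__ == "__main__":
    sample = b"db_password = constructed-example\n"  # constructed sample file
    for name, enc in (("deterministic", encrypt_deterministic), ("randomized", encrypt_randomized)):
        print(name, git_blob_id(enc(sample)), git_blob_id(enc(sample)))
```

With the randomized scheme an unchanged file gets a new blob ID on every run, so git would treat it as modified each time; the deterministic scheme avoids that at the cost of revealing when two files have identical content.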