> It's normally at this point that that you'd need to bring in a security expert to ask a > whole lot of questions about your exact use scenario, do a formal > threat analysis, since there are all sorts of unanswered questions > about what kind of key management solution you really need for your > situation. Uh. This is for kind of hobbyist noncommercial usage, so there are not that much resources for bringing in security experts. :-) Also I do not expect this data to be protected from determined (payed) professional attack -- a determined professional would probably be able to find some weaker spot elsewhere. However I do want such attack to cost enough to ward off idle amateurs and bored professionals. :-) > It's usually not as simple as "just encrypt it". > How many people need to have access to the to the repository? Well, 2-5, up to ten, I guess. In immediate future -- two persons only. :-) > Do you need to revoke access to the repository later? Probably. But restricting remote access should be enough. > Who is allowed to give a new person access to the repository? To keep things simple, me myself only. > etc., etc., etc. Thank you, Alexander. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
