On Mar 13, 2008, at 12:15 PM, Thomas Harning wrote:
On Thu, 13 Mar 2008 11:36:46 -0700
Luke Lu <git@xxxxxxxxxx> wrote:
An obvious and easy solution: use an encrypted partition on the
remote server and ssh as transport. Last time I checked, git on
encrypted volumes is plenty fast.
If its an encrypted partition on the remote server... then its visible
@ that server.. which I don't think is desired in the situation.
An encrypted partition is fairly useless on a remote server unless the
remote server is expected to be physically removed/powered down...
otherwise anything can get into that data while its alive (pending
permissions, lack-of-holes, etc..)
The encfs solution makes sure that nothing is ever revealed
remote-side... all data is prevented from even going over ssh in its
unencrypted form.
Yes encfs over an sshfs is probably the safest. But it is intolerably
slow if you need any kind of random access of data, which git does
all the time. You can mount the encrypted partition using a key over
ssh per git push or pull to minimize exposure while get the
performance you want.
__Luke
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
