----- Original Message ----- 
  From: John McKown 
  To: git-users@googlegroups.com 
  Sent: Tuesday, December 11, 2012 7:44 PM
  Subject: [git-users] securing data in a non-local repository


  I haven't seen anything like this in anything I've read so far. And I know 
that git is all about freely sharing. But is there some way to have git keep 
the repository files encrypted. I know that the files in the .git subdirectory 
are compressed. It seems to me that it should be relatively simple to have the 
"git add" do an encrypt step just before the compress step in its processing. 
You could have a git config core.encrypt and git config cone.encrypt.key 
variable. The core.encrypt would be TRUE or FALSE. If the value is TRUE, then 
you could set the core.encrypt.key variable or you could have git ask for the 
password interactively. Or maybe I just really want it to occur when I do a 
"git push".
This comes up pretty often. If each commit is encrypted then you can't compress 
the repository, and you can't do any of the fancy stuff that needs to go on 
within the server to pack the repo. 

Also, as a Distributed system, initially for the Linux Open Source activity, 
the key is that whenever you are distributing [clones] the code (everyone gets 
everything) you making it more open, so the repo isn't the place to add your 
security.


  Yes, I'm a bit of a security nut. And, yes, I know I could gpg encrypt the 
file before doing the git add. Or I guess that I could even make my own 
git-encrypt-add script to do it via a "git encrypt-add" operation. Hum.

  Your thoughts are appreciated.

-- 


Reply via email to