This may be a rather ignorant question. It is based on the thread: "Can Git
do all of this?". Konstantin indicated that Web suppliers such as GitHub
are not secure. Why is this? Well, I guess maybe they could be hacked from
the outside, or perhaps an employee could be subverted. I am wondering why
there is not an git _option_ to mark a repository as "insecure". When
something is pushed to this "insecure" repository, the files being pushed
would be encrypted as they are being transferred (read data, encrypt, then
send). The reverse on a fetch or pull (receive, decrypt, write). This would
leave the files unencrypted on the user's machine.
I don't know git internals, but is there some reason why the remote
repository cannot have its files be encrypted on the user's machine before
transferring to the "insecure" machine? I don't think anybody _in this
case_ would directly use the files on the server. I am aware that
encryption will increase their size. I don't know, but I guess this would
inhibit some operations such as gc and maybe fsck. But are those operations
truly necessary on a storage-only git repository? Again, my ignorance is
showing. I would think that the encryption used would require a properly
signed digital certificate. How to distribute this cert to the appropriate
people is left as an exercise for the reader.
Thanks for your thoughts.