This may be a rather ignorant question. It is based on the thread: "Can Git 
do all of this?". Konstantin indicated that Web suppliers such as GitHub 
are not secure. Why is this? Well, I guess maybe they could be hacked from 
the outside, or perhaps an employee could be subverted. I am wondering why 
there is not an git _option_ to mark a repository as "insecure". When 
something is pushed to this "insecure" repository, the files being pushed 
would be encrypted as they are being transferred (read data, encrypt, then 
send). The reverse on a fetch or pull (receive, decrypt, write). This would 
leave the files unencrypted on the user's machine.

I don't know git internals, but is there some reason why the remote 
repository cannot have its files be encrypted on the user's machine before 
transferring to the "insecure" machine? I don't think anybody _in this 
case_ would directly use the files on the server. I am aware that 
encryption will increase their size. I don't know, but I guess this would 
inhibit some operations such as gc and maybe fsck. But are those operations 
truly necessary on a storage-only git repository? Again, my ignorance is 
showing.  I would think that the encryption used would require a properly 
signed digital certificate. How to distribute this cert to the appropriate 
people is left as an exercise for the reader.

Thanks for your thoughts.


Reply via email to