Hi Philip, > It's probably easier to let the encryption be at file system level and let > the hard drive handle it - maybe.
The problem with this is that it doesn't require collaborators to also use encryption. It also assumes that at least one of fuse and dm-crypt are enabled in the kernel (assuming Linux). If fuse is not available (for encfs) -- i.e. one needs to use dm-crypt to obtain an encrypted filesystem -- then administrative privileges are furthermore required at some point. Either you need sudo to run losetup, cryptsetup and mount, or you need a crypttab (which you can't set up as a regular user). Going back to collaborators, you might think, well, once you are dealing with other people who can decrypt the files, then you can no longer trust the encryption anyway, so why bother? However, my main collaborator is usually myself working on other machines. Sometimes I am the sole physical user and sudoer on the machine, and I definitely use an encrypted hard drive in these cases. Other times, people could at least theoretically access my files if they chose to be impolite. In those cases it would be nice to be able to store a Git repo on the machine as an encrypted remote. So, although I don't want to discount the technical challenges that could be involved in providing an encryption layer for Git, I personally would be quite interested in whether it might be possible. Using encrypted filesystems is just a sometime work-around, it doesn't strike me as a solid solution to the wish for encrypted Git repositories. As for implementation, Git blobs are already stored using zlib compression, so packfiles and so forth must already be going through some kind of decompression process to access the blob contents. It seems to me like it shouldn't be *that* hard to make the choice configurable? ~ Tim -- You received this message because you are subscribed to the Google Groups "Git for human beings" group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
