Enrico Weigelt <enrico.weig...@vnc.biz> writes:

>> Enrico Weigelt <enrico.weig...@vnc.biz> writes:
>> > * blobs are encrypted with their (original) content hash as
>> >   encryption keys
>> What does this even mean?
>> Is it expected that anybody who has access to the repository can
>> learn names of objects (e.g. by running "ls .git/objects/??/")? If
>> so, from whom are you protecting your repository?
> Well, everybody can access the objects, but they're encrypted,
> so you need the repo key (which, of course isn't contained in
> the repo itself ;-p) to decrypt them.

So, in short, blobs are not encrypted with the hash of their
contents as encryption keys at all.

>> How does this encryption interact with delta compression employed
>> in pack generation?
> Probably not at all ;-o
> For the usecases I have in mind (backups, filesharing, etc) this
> wouldn't hurt so much, if the objects are compressed before encryption.

For that kind of usage pattern, you are better off looking at
encrypted tarballs or zip archives.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to