[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Encrypted Repositories. . .?

From: Dan Shookowsky <dshookowsky_at_gmail.com>
Date: 2007-06-20 19:58:05 CEST

I think the point that many folks have been trying to make with regards to
this situation is that it makes no sense to put a padlock on a paper bag.
You could have SnakeOil(tm) Brand 4096-bit elliptic curve encryption of your
source, but if you can't restrict the users who have access to the machine,
there's no preventing someone from using those same libraries to decrypt it
using the same keys.

The other issue that someone mentioned is that you lose the functionality
provided by svn because your source simply becomes an opaque binary object
that can't be merged, blamed, etc. In that scenario, you might as well have
the repository on a (trusted) local developer machine and ftp up encrypted
dumps of the repository to a central server or something equally ridiculous
Received on Wed Jun 20 19:58:23 2007

This is an archived mail posted to the Subversion Users mailing list.