[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Encrypted Repositories. . .?

From: Michael Williams <gberz3_at_gmail.com>
Date: 2007-06-21 01:51:11 CEST

> Disclaimer: No offense intended. This is a discussion about the
> proposed feature alone, so don't take anything personal please.

I'm rubber you're glue. . . ;)

In all seriousness though, I apologized to Johnathan for my
gruffness. Not sure whether or not it was accepted though.

> Allow me an opinion as well: You don't believe it's that huge of a
> problem, but still everyone but you comes up with problems that you
> might not have thought about or ignore right away - which basically
> makes the discussion about security a moot point again.
> . . .
> I frankly believe that your solutions/proposals so far are broken
> by design and don't work, but if they do what you want or let you
> sleep better at night: Why don't you just go for it?

Perhaps I'm asking the wrong question(s)? Basically I want to know
the following:

-- Can an application (regardless of OS) support encryption of all
its activities -- disk writing, memory access, etc. without the need
for the OS to dictate an encrypted environment?

I realize a lot of people don't want or need this, but I would like
it. Believe it or not, I'm not the most paranoid person on my team.
I'm absolutely not opposed to getting my hands dirty and writing it
myself, but I was hoping for a bit of community direction (technical,
not personal ;))before I dove in. I really don't believe on-disk
encryption is any less reasonable than TLS, SSL, or SSH encryption.
Perhaps you're right, perhaps another application should handle it,
but that would still leave SVN "vulnerable" and that's what I'm
trying to prevent. I'm looking for an encrypted process from
beginning to end.

Check out the attached PDF. Granted, a "trojan" could grab the key
and do it's bidding, but if that's the case, your server is
compromised anyway. Perhaps the ROI simply isn't worth it; it's just
an extra layer to keep the honest folks honest.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Thu Jun 21 01:51:51 2007

This is an archived mail posted to the Subversion Users mailing list.