
Re: Encrypting selected files ...

From: Alec Kloss <alec.kloss_at_oracle.com>
Date: 2 Oct 2009 17:20:14 -0500

On 2009-10-02 16:42, Pat Farrell wrote:
> Alec Kloss wrote:
> > I'd be curious to know if someone has thoughts on
> > how to add client-side support for PGP encrypting files prior to
> > committing them to Subversion.
>
> I can't think of a way that this would be useful, assuming that you have
> multiple developers using the repository.
>
> Each user has to have read and write access to be able to do anything
> useful.
>
> If you share the PGP/GPG private key, then it is no longer private.
>
> Plus, I don't want source code treated as blobs, you lose the ability to
> do diffs between versions, etc. which are critical for any useful
> version control system.
>
> > For those of us who
> > work on commercial software, it would be attractive to have all
> > source encrypted on disk at all times, including when it's in a
> > source repository, and such a feature would be an interesting
> > feature for Subversion.
>
> I can't see any value in this "keep it all encrypted" idea, but there
> are many ways to have encrypted volumes in nearly all operating systems,
> just use one and be happy.
>
> Most of the time, encrypted files are used only for data either in
> transit or in long term storage.
>
> Adding encryption to SVN is the worst kind of feature bloat. Do one
> thing, do it well, let the OS or filesystem handle your needs for file
> encipherment.

Storing only encrypted source in the source control system prevents
your system administrators from being able to read the source. I
can see value in that. The problem with multiple consumers of the
same encrypted data is already addressed by PGP. I don't see any
reason why this can't be done; after some thought, the idea of
doing it in a wrapper around your svn tool probably won't work well
for some operations, like svn diff especially, but there's no
reason the svn clients couldn't understand that some source files
are encrypted and, when creating a diff, decrypt the pertinent
versions and then present a diff of the cleartext. Obviously diffs
of cyphertext are of limited value.

-- 
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

Received on 2009-10-03 00:21:39 CEST

This is an archived mail posted to the Subversion Users mailing list.
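
An added example, not part of the archived message and not Subversion code: the two PGP points in the reply above (one ciphertext readable by several developers, and diffing decrypted revisions instead of ciphertext), sketched with GnuPG 2.1 or later on a throwaway keyring. The identities, file names and helper functions are hypothetical.

```shell
# Constructed demo: throwaway keyring and two hypothetical developers.
export GNUPGHOME="$(mktemp -d)"; chmod 700 "$GNUPGHOME"
WORK="$(mktemp -d)"
ALICE="alice@example.invalid"; BOB="bob@example.invalid"

# Quiet, non-interactive gpg; keys in this keyring are trusted without a web of trust.
gpg_q() { gpg --batch --quiet --yes --trust-model always "$@" 2>/dev/null; }

# Unprotected demo keys (empty passphrase); real developer keys would be protected.
for id in "$ALICE" "$BOB"; do
  gpg_q --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$id" default default never
done

# Encrypt a revision to every developer: the file is encrypted once with a
# session key, and that session key is wrapped separately for each recipient.
encrypt_rev() { gpg_q --encrypt -r "$ALICE" -r "$BOB" -o "$2" "$1"; }

# Count the wrapped session keys (one per recipient) in a ciphertext file.
recipient_count() { gpg_q --list-packets "$1" | grep -c '^:pubkey enc packet'; }

# Decrypt two stored revisions and diff the cleartext, as the reply proposes
# a PGP-aware client would do.
cleartext_diff() {
  gpg_q --decrypt -o "$WORK/a.txt" "$1" && gpg_q --decrypt -o "$WORK/b.txt" "$2"
  diff -u "$WORK/a.txt" "$WORK/b.txt" || true   # diff exits 1 when files differ
}

# Two constructed revisions of one source file, stored only as ciphertext.
printf 'int limit = 10;\nreturn limit;\n' > "$WORK/r1.c"
printf 'int limit = 20;\nreturn limit;\n' > "$WORK/r2.c"
encrypt_rev "$WORK/r1.c" "$WORK/r1.c.gpg"
encrypt_rev "$WORK/r2.c" "$WORK/r2.c.gpg"

recipient_count "$WORK/r2.c.gpg"                    # wrapped keys in the file
cleartext_diff "$WORK/r1.c.gpg" "$WORK/r2.c.gpg"    # one changed line
```

Either developer's private key decrypts the same stored file, so no private key is shared. Remove "$GNUPGHOME" and "$WORK" afterwards, since the demo keys are unprotected.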