
Re: Encrypting selected files ...

From: Pat Farrell <pfarrell_at_pfarrell.com>
Date: Fri, 02 Oct 2009 18:28:38 -0400

Alec Kloss wrote:
> Storing only encrypted source in the source control system prevents
> your system administrators from being able to read the source. I
> can see value in that.

I cannot see any value in that. At some point, you have to trust some
of your employees.

If you don't trust your sysadmins, what is keeping them from installing
key loggers on your PC?

Seeing the source is not an issue with security, in fact, good security
relies upon known algorithms with open source code. All of the security
is in the keys.

Nothing else.

The idea of using Security By Obscurity for source code strikes me as
terrible software engineering.

When I worked at a pioneering Internet commerce company, which was
completely SAS-90 compliant, etc., we defined that security meant that
our engineers, who were in our office and on our LAN, with complete
access to all of the source code, could not do anything bad.

It's the same as the issue of encrypting all of your data in an RDBMS,
the database administrator sure has to be able to see the data, it's
part of their job.

Pat Farrell
Received on 2009-10-03 00:29:35 CEST

This is an archived mail posted to the Subversion Users mailing list.