[H-SASIG] Passwords and secrets
Raymond Smith
raymond at storybridge.org
Mon Dec 21 01:29:24 EST 2009
2009/12/21 Greg Black <gjb at yaxom.com>:
> And, on the subject of version control, I completely disagree
> with Ray's idea of using a different system for this one file.
> Whatever we decide to use (and I thought that decision had been
> made in favour of Mercurial, but that's not important), we
> should use it for everything. Whether it's RCS, Hg, Git, or
> whatever, it will still be one file with its associated revision
> control directory, and that can be put in a tar file and
> encrypted quite easily.
I don't care what version control system is used, but I strongly
believe that commit messages should be encrypted. The reason I believe
this is that if we are serious about keeping the contents of that file
secret then we need to be careful about useful information leaking out
in the commit logs. At the same time, it is highly desirable for
commit logs to contain the very same useful information.
I suggested RCS because I can see how we could easily encrypt the file
and the commit history. Perhaps similar things are possible using
Mercurial, but I am not familiar enough to know how we would go about
encrypting a single file and its history.
I also think that Daniel Devine's suggestion of not including this
file at all in the "public" backup is a good one. That is, it should
only be in the PGP encrypted backup.
Cheers,
Raymond
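
An added illustration, not part of the message above or of the list's own tooling: an RCS history file keeps every commit message in cleartext next to the file's contents, so any archive that carries the history unencrypted carries the messages too. The sample history, the address in it, and the function names are constructed for this example.

```python
import re

# Constructed, trimmed RCS history file (what a "secrets.txt,v" would hold).
SAMPLE_RCS = """head 1.2;
1.2
date 2009.12.20.10.00.00; author ray; state Exp;
next 1.1;
1.1
date 2009.12.19.09.00.00; author ray; state Exp;
next ;
desc
@shared credentials
@
1.2
log
@rotate db password after contractor left; told admin@@example.org
@
text
@db: EXAMPLE-NEW
@
1.1
log
@Initial revision
@
text
@d1 1
a1 1
db: EXAMPLE-OLD
@
"""

# A token is an @-delimited string (a literal @ is stored as @@), a bare word,
# or ';'. Scanning strings whole keeps file text from being misread as syntax.
TOKEN = re.compile(r"@((?:[^@]|@@)*)@|([^\s@;]+)|;")
REVISION = re.compile(r"\d+(\.\d+)+")

def rcs_log_messages(rcs_text):
    """Return {revision: commit message} found in the text of an RCS ,v file."""
    toks = [(m.group(1), m.group(2)) for m in TOKEN.finditer(rcs_text)]
    logs = {}
    for i in range(1, len(toks) - 1):
        prev_word, word, next_string = toks[i - 1][1], toks[i][1], toks[i + 1][0]
        if word == "log" and next_string is not None and REVISION.fullmatch(prev_word or ""):
            logs[prev_word] = next_string.replace("@@", "@").strip()
    return logs

def messages_in_clear(blob, logs):
    """Revisions whose message is readable in an uncompressed backup blob."""
    return sorted(r for r, m in logs.items() if m and m.encode().replace(b"@", b"@@") in blob)
```

`messages_in_clear` only sees messages in uncompressed data such as a plain tar; a compressed archive hides the bytes from this check without protecting them.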