From: Joey Hess <joeyh@joeyh.name>
Date: Wed, 9 Apr 2025 17:42:19 +0000 (-0400)
Subject: update
X-Git-Tag: archive/raspbian/10.20250416-2+rpi1~1^2~6^2~12^2
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=ecebdec2c6ae71bd0f5041a77dc9ae7b0bca21e3;p=git-annex.git

update
---

diff --git a/doc/todo/encrypt_just_the_annex_on_git+annex_hosting_site/comment_4_d19a6c42a6c4b0be270e1a1fe167631d._comment b/doc/todo/encrypt_just_the_annex_on_git+annex_hosting_site/comment_4_d19a6c42a6c4b0be270e1a1fe167631d._comment
index 4cc63688a7..9de9ff171e 100644
--- a/doc/todo/encrypt_just_the_annex_on_git+annex_hosting_site/comment_4_d19a6c42a6c4b0be270e1a1fe167631d._comment
+++ b/doc/todo/encrypt_just_the_annex_on_git+annex_hosting_site/comment_4_d19a6c42a6c4b0be270e1a1fe167631d._comment
@@ -41,4 +41,12 @@ A few gotchas I can see:
   are set up all storing to the same underlying remote. I think this is
   minor, because there would be 2 actual copies, just copies that happen to
   be on the same drive.
+* `encryption=shared` will not add any security if the underlying remote
+  is a git repository, because pushing the git-annex branch there will make
+  the encryption key available to anyone who can access the git repository.
+  Instead will need to use `encryption=pubkey`.
+  (Since this is a bit non-obvious, it should probably reject attempts
+  to do that.)
+
+I have some early work (documentation) in the `maskremote` branch.
 """]]