update

author Joey Hess <joeyh@joeyh.name>

Wed, 9 Apr 2025 17:42:19 +0000 (13:42 -0400)

committer Joey Hess <joeyh@joeyh.name>

Wed, 9 Apr 2025 17:42:19 +0000 (13:42 -0400)
author Joey Hess <joeyh@joeyh.name>
Wed, 9 Apr 2025 17:42:19 +0000 (13:42 -0400)
committer Joey Hess <joeyh@joeyh.name>
Wed, 9 Apr 2025 17:42:19 +0000 (13:42 -0400)
diff --git a/doc/todo/encrypt_just_the_annex_on_git+annex_hosting_site/comment_4_d19a6c42a6c4b0be270e1a1fe167631d._comment b/doc/todo/encrypt_just_the_annex_on_git+annex_hosting_site/comment_4_d19a6c42a6c4b0be270e1a1fe167631d._comment

index 4cc63688a7ada71a43cc77953f72010f193dd6c7..9de9ff171ed96e088f1457eb97836f630a0d4395 100644 (file)
--- a/doc/todo/encrypt_just_the_annex_on_git+annex_hosting_site/comment_4_d19a6c42a6c4b0be270e1a1fe167631d._comment
+++ b/doc/todo/encrypt_just_the_annex_on_git+annex_hosting_site/comment_4_d19a6c42a6c4b0be270e1a1fe167631d._comment
@@ -41,4 +41,12 @@ A few gotchas I can see:
    are set up all storing to the same underlying remote. I think this is
    minor, because there would be 2 actual copies, just copies that happen to
    be on the same drive.
+* `encryption=shared` will not add any security if the underlying remote
+  is a git repository, because pushing the git-annex branch there will make
+  the encryption key available to anyone who can access the git repository.
+  Instead will need to use `encryption=pubkey`.
+  (Since this is a bit non-obvious, it should probably reject attempts
+  to do that.)
+
+I have some early work (documentation) in the `maskremote` branch.
  """]]
author	Joey Hess <joeyh@joeyh.name>
	Wed, 9 Apr 2025 17:42:19 +0000 (13:42 -0400)
committer	Joey Hess <joeyh@joeyh.name>
	Wed, 9 Apr 2025 17:42:19 +0000 (13:42 -0400)