On Monday 29 Nov 2010, Piotr Kabaciński wrote: > On 11/29/2010 12:50 PM, Campbell Allan wrote: > >> If you are able to create dedicated partition you could encrypt repo > >> like described here: > >> http://www.hypersphere.org/personal/svn.shtml > > > > With some pretty important drawbacks, the no diff/conflict resolution > > would be a dealbreaker for me > > With encryption on filesystem level files in repo are not saved as > binary (in terms of svn). Svn with repo works like it works before. > Drawback is that OS has to compress and decompress file every time you > need to commit/checkout. > Diff would be useless if you encrypt every file before commit, and send > it as binary, and that is not this situation. > > greetings >
I'm going to have to reread the page but those points were taken from the author of the web page and are not my own. My understanding is that subversion operations are applied on the working copy but edits must be done within the FUSE mountpoint of the working copy that decrypts and encrypts the files. Therefore diff does not work as this is done on the encrypted version of files. If a diff was tried from within the FUSE mountpoint then the pristine copies of files would now be decrypted to something completely different than expected. The upside is that the repository contents *are* secure as everything sent to the repository is encrypted, the problem is that it severely cripples the features of subversion and it might be just as good to use a local repository and back it up (with encryption) to the remote server. > > * The svn diff command is rendered useless, as the repository itself is > > comprised, entirely, of encrypted data. > > * The repository will be enormous. Because the data is all encrypted with > > a block cipher, Subversion will be incapable of efficiently storing > > diffs, and compression programs (such as BZip) will, also, have little > > effect. A few basic tests have shown a 300% increase in repository size, > > making it wise to restrict the amount of data stored therein. > > * Conflict-resolution via subversion will also be useless. If a conflict > > occurs, you'll have to manually merge the two versions on the mountpoint. -- __________________________________________________________________________________ Sword Ciboodle is the trading name of ciboodle Limited (a company registered in Scotland with registered number SC143434 and whose registered office is at India of Inchinnan, Renfrewshire, UK, PA4 9LH) which is part of the Sword Group of companies. This email (and any attachments) is intended for the named recipient(s) and is private and confidential. If it is not for you, please inform us and then delete it. If you are not the intended recipient(s), the use, disclosure, copying or distribution of any information contained within this email is prohibited. Messages to and from us may be monitored. If the content is not about the business of the Sword Group then the message is neither from nor sanctioned by us. Internet communications are not secure. You should scan this message and any attachments for viruses. Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this email or any attachment. __________________________________________________________________________________
