On Sun, Apr 19, 2009 at 3:50 PM, Tom Hawkins <[email protected]> wrote: > We use a repository on a remote machine for collaboration between > developers in different locations. Is there any to secure a remote > repository even if the machine itself is insecure? In our case, the > remote machine is managed by a 3rd party, not our company. > > Could this be simply a matter building scripts on top of darcs (ie. > for encrypting and decrypting patches), or would this have to be built > into darcs itself? Ideally, the only thing we would like to see saved > on the remote machine is one big encrypted file, with none of the keys > stored on, or sent to the remote machine.
Hi Tom, Admittedly this is not an issue that darcs itself handles. For the most part darcs encourages you to use the tools that are already at your disposal for security... To be honest, I don't think that there are any truly (paranoid) secure solutions beyond trusting any third parties that you work with. If you want an example of something to try, if your hosting provider supports Fuse, you could try sandboxing your repository into an encrypting file system under Fuse. However you still have to manage the encrypted file system's key(s), and at some point the key has to be passed to the machine with the repository and if you truly can't trust your third party, it's possible that they might try to intercept your key somewhere along the line. I think you would be best served to investigate security best practices and the techniques involved in securing private data, and most of whatever help you get in general guidelines should be applicable to a darcs repository. Good luck in your quest. -- --Max Battcher-- http://www.worldmaker.net/ _______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
