summaryrefslogtreecommitdiff
path: root/doc/privacy.mdwn
diff options
context:
space:
mode:
authorGravatar Joey Hess <joey@kitenet.net>2013-06-26 14:45:12 -0400
committerGravatar Joey Hess <joey@kitenet.net>2013-06-26 14:45:12 -0400
commit24e5b8afaa573ab3d9b1eb9a73221251f87588b5 (patch)
treee522e7bbf4b222c8388ef99a50fb20d399f67c57 /doc/privacy.mdwn
parented26834c8061738d7613222177e29201e17a4066 (diff)
add
Diffstat (limited to 'doc/privacy.mdwn')
-rw-r--r--doc/privacy.mdwn43
1 files changed, 43 insertions, 0 deletions
diff --git a/doc/privacy.mdwn b/doc/privacy.mdwn
new file mode 100644
index 000000000..0aef18663
--- /dev/null
+++ b/doc/privacy.mdwn
@@ -0,0 +1,43 @@
+git-annex users entrust it with data that is often intensively private.
+Here's some things to know about how to maintain your privacy while using
+git-annex.
+
+## repository contents
+
+In general, anyone who can clone a git repository gets the ability to see
+all current and past filenames in the repository, and their contents.
+It's best to assume this also holds true for git-annex, as a general rule.
+
+There are some obvious exceptions: If you `git annex dropunused` old
+content from all your repositories, then it's *gone*. If you `git annex
+move` files to a offline drive then only those with physical access can see
+their content. (The names of the files are still visible to anyone with a
+clone of the repository.)
+
+git-annex can encrypt data stored in special remotes. This allows you to
+store files in the cloud without exposing their file names, or their
+contents. See [[design/encryption]] for details.
+
+When using the shared enctyption method, the encryption key gets stored
+in git, and so anyone who has a clone of your repository can decrypt files
+from the encrypted special remote.
+
+When using encryption with a GPG key or keys, only those with access to the
+GPG key can decrypt the content of files stored in an encrypted special
+remote.
+
+## bug reporting
+
+When you file a [[bug]] report on git-annex, you may need to provide
+debugging output or details about your repository. In general, git-annex
+does not sanitize `--debug` output at all, so it may include the names of
+files or other repository details. You should review any debug or other
+output you post, and feel free to remove identifying information.
+
+Note that the git-annex assistant *does* sanitize XMPP protocol information
+logged when debugging is enabled.
+
+If you prefer not to post information publically, you can send a GPG
+encrypted mail to Joey Hess <id@joeyh.name> (gpg key ID 2512E3C7).
+Or you can post a public bug report, and send a followup email with private
+details.