diff options
author | 2014-07-15 17:33:14 -0400 | |
---|---|---|
committer | 2014-07-15 17:33:14 -0400 | |
commit | 4b4d302bcd168732c0e04d76bb387fd04fce06b5 (patch) | |
tree | 8cf3e71a238298773ea0a905dec0e12b8e13570c /doc | |
parent | a5a92f89d200ce109cdcfc72e2a21f4d92eef2cf (diff) |
Set gcrypt-publish-participants when setting up a gcrypt repository, to avoid unncessary passphrase prompts.
This is a security/usability tradeoff. To avoid exposing the gpg key ids
who can decrypt the repository, users can unset
gcrypt-publish-participants.
The gcrypt-publish-participants option is available in my fork of
git-remote-gcrypt.
This commit was sponsored by Christopher Kernahan.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/special_remotes/gcrypt.mdwn | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/special_remotes/gcrypt.mdwn b/doc/special_remotes/gcrypt.mdwn index ac98c43bb..2e07741d3 100644 --- a/doc/special_remotes/gcrypt.mdwn +++ b/doc/special_remotes/gcrypt.mdwn @@ -43,3 +43,8 @@ way git-remote-gcrypt encrypts the git repository, you will need to somehow force it to re-push everything again, so that the encrypted repository can be decrypted by the added keys. Probably this can be done by setting `GCRYPT_FULL_REPACK` and doing a forced push of branches. + +Recent versions of git-annex configure gcrypt-publish-participants when +setting up a gcrypt repository. This is done to avoid unncessary gpg +passphrase prompts, but it does publish the gpg keyids that can decrypt the +repository. Unset it if you need to obscure that. |