From 4b4d302bcd168732c0e04d76bb387fd04fce06b5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 15 Jul 2014 17:33:14 -0400 Subject: Set gcrypt-publish-participants when setting up a gcrypt repository, to avoid unncessary passphrase prompts. This is a security/usability tradeoff. To avoid exposing the gpg key ids who can decrypt the repository, users can unset gcrypt-publish-participants. The gcrypt-publish-participants option is available in my fork of git-remote-gcrypt. This commit was sponsored by Christopher Kernahan. --- doc/special_remotes/gcrypt.mdwn | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc') diff --git a/doc/special_remotes/gcrypt.mdwn b/doc/special_remotes/gcrypt.mdwn index ac98c43bb..2e07741d3 100644 --- a/doc/special_remotes/gcrypt.mdwn +++ b/doc/special_remotes/gcrypt.mdwn @@ -43,3 +43,8 @@ way git-remote-gcrypt encrypts the git repository, you will need to somehow force it to re-push everything again, so that the encrypted repository can be decrypted by the added keys. Probably this can be done by setting `GCRYPT_FULL_REPACK` and doing a forced push of branches. + +Recent versions of git-annex configure gcrypt-publish-participants when +setting up a gcrypt repository. This is done to avoid unncessary gpg +passphrase prompts, but it does publish the gpg keyids that can decrypt the +repository. Unset it if you need to obscure that. -- cgit v1.2.3
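Review bot: In the paragraph added at the end of doc/special_remotes/gcrypt.mdwn, "Unset it if you need to obscure that" does not say how to unset gcrypt-publish-participants, or whether unsetting it on a remote that has already been pushed to removes the keyids that were already published. Suggest naming the exact configuration setting and stating whether a forced re-push is needed afterwards, as the preceding paragraph does for added keys with `GCRYPT_FULL_REPACK`. The commit message says the option is only available in the author's fork of git-remote-gcrypt; the documentation text should say so too, since users of other git-remote-gcrypt versions will otherwise expect behaviour they do not get. "Recent versions of git-annex" would be more useful with the version number, and "unncessary" should read "unnecessary".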