mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of ssh://git-annex.branchable.com

Browse source
This commit is contained in:
Joey Hess 2018-12-04 15:20:00 -04:00
commit 31d44d5726
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
2 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
doc/todo/encrypt_only_the_credentials/comment_2_76fdfa927562d33dfea9630b3b729220._comment Normal file
View file

@ -0,0 +1,8 @@
[[!comment format=mdwn
username="Ilya_Shlyakhter"
avatar="http://cdn.libravatar.org/avatar/1647044369aa7747829c38b9dcc84df0"
subject="comment 2"
date="2018-12-04T18:40:01Z"
content="""
thanks! \"that would cause more gpg prompts\" -- wouldn't gpg-agent prevent that?
"""]]

9
doc/todo/encrypting_URLs.mdwn Normal file
View file

@ -0,0 +1,9 @@
When recording a URL from which a key may be fetched, add an option to store that URL in encrypted form (encrypted to a given public key).
E.g. record the URL as encryptedurl://key_id/[base64-encoded encryption of the original URL].
Many cloud services let you create a pre-signed URL for a non-public file. Anyone with the URL can get the file, so the URL is "public" in that sense;
but you only share the URL with intended recipient(s), not the public. Or you might store files in a bucket that can be publicly read but not listed, and
store files under paths like s3://mybucket/randomstring/myfile ; the URL is "public" but in practice it can't be guessed.
If the URLs could be stored encrypted in the git-annex branch, one could track such files using the ordinary web remote. One could use an S3 export-tree
remote to share a directory with specific recipient(s), without them needing either AWS credentials or git-annex.