document encryption

doc/special_remotes/Amazon_S3.mdwn

@@ -9,11 +9,12 @@ See [[walkthrough/using_Amazon_S3]] for usage examples.
 A number of parameters can be passed to `git annex initremote` to configure
 the S3 remote.
 
-* `encryption` - Required. Either "none" to disable encryption,
+* `encryption` - Required. Either "none" to disable encryption
+  (not recommended),
   or a value that can be looked up (using gpg -k) to find a gpg encryption
   key that will be given access to the remote. Note that additional gpg
   keys can be given access to a remote by rerunning initremote with
-  the new key id.
+  the new key id. See [[encryption]].
 
 * `datacenter` - Defaults to "US". Other values include "EU",
   "us-west-1", and "ap-southeast-1".
@@ -28,13 +29,3 @@ the S3 remote.
 * `bucket` - S3 requires that buckets have a globally unique name, 
   so by default, a bucket name is chosen based on the remote name
   and UUID. This can be specified to pick a bucket name.
-
-## data security
-
-When encryption=none, there is **no** protection against your data being read
-as it is sent to/from S3, or by Amazon when it is stored in S3. This should
-only be used for public data.
-
-** Encryption is not yet supported. **
-
-See [[design/encryption]].

doc/special_remotes/bup.mdwn

@@ -15,11 +15,12 @@ for example; or clone bup's git repository to further back it up.
 
 These parameters can be passed to `git annex initremote` to configure bup:
 
-* `encryption` - Required. Either "none" to disable encryption,
+* `encryption` - Required. Either "none" to disable encryption of content
+  stored in bup (ssh will still be used to transport it securely),
   or a value that can be looked up (using gpg -k) to find a gpg encryption
   key that will be given access to the remote. Note that additional gpg
   keys can be given access to a remote by rerunning initremote with
-  the new key id.
+  the new key id. See [[encryption]].
 
 * `buprepo` - Required. This is passed to `bup` as the `--remote`
   to use to store data. To create the repository,`bup init` will be run.
@@ -34,13 +35,3 @@ can be used to, for example, limit its bandwidth.
 
 [[git-annex-shell]] does not support bup, due to the wacky way that bup
 starts its server. So, to use bup, you need full shell access to the server.
-
-## data security
-
-When encryption=none, there is **no** protection against your data being read
-by anyone who can access the bup remote. However, bup does transfer data
-using ssh, and if you trust the security of the remote, that's fine.
-
-** Encryption is not yet supported. **
-
-See [[design/encryption]].

doc/special_remotes/directory.mdwn

@@ -1,8 +1,8 @@
 This special remote type stores file contents in directory.
 
-One use case for this would be if you have a removable drive, that you
-cannot put a git repository on for some reason, and you want to use it
-to sneakernet files between systems. Just set up both systems to use
+One use case for this would be if you have a removable drive that
+you want to use it to sneakernet files between systems (possibly with
+[[encrypted|encryption]] contents). Just set up both systems to use
 the drive's mountpoint as a directory remote.
 
 Setup example: