Set gcrypt-publish-participants when setting up a gcrypt repository, to avoid unnecessary passphrase prompts.

This is a security/usability tradeoff. To avoid exposing the gpg key ids
that can decrypt the repository, users can unset
gcrypt-publish-participants.

The gcrypt-publish-participants option is available in my fork of
git-remote-gcrypt.

This commit was sponsored by Christopher Kernahan.
Joey Hess 2014-07-15 17:33:14 -04:00
parent 925e1db85b
commit ec5ed2af9d
4 changed files with 23 additions and 2 deletions


@ -43,3 +43,8 @@ way git-remote-gcrypt encrypts the git repository, you will need to somehow
force it to re-push everything again, so that the encrypted repository can
be decrypted by the added keys. Probably this can be done by setting
`GCRYPT_FULL_REPACK` and doing a forced push of branches.
Recent versions of git-annex configure gcrypt-publish-participants when
setting up a gcrypt repository. This is done to avoid unncessary gpg
passphrase prompts, but it does publish the gpg keyids that can decrypt the
repository. Unset it if you need to obscure that.
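Review bot: The closing sentence "Unset it if you need to obscure that" does not tell the reader how to unset it or what unsetting covers. Since this paragraph is the only place a user learns that the key ids are published by default, it should name the exact git config setting and the command that removes it. It should also say whether unsetting affects a repository that has already been pushed with the key ids published, or whether a re-push is needed as with the `GCRYPT_FULL_REPACK` case described just above. "Recent versions of git-annex" would be easier to act on with a version number, and a note that the option needs a git-remote-gcrypt build that supports it. There is also a typo in the added text: "unncessary" should be "unnecessary".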