|
|
|
|
|
|
by elasticdog
3858 days ago
|
|
|
So, I've skimmed through most of the paper, and it seems like a bit of an apples to oranges comparison. My understanding is that GV2 is an extension to jGit that essentially performs GC on the repo (or more accurately waits to encrypt until post-GC), and then transparently encrypts everything altogether, rather than utilizing clean/smudge filters to encrypt files individually like the tools it's comparing itself to. It's funny that the author dismissed git-remote-gcrypt as being "under development" even though it's a much closer comparison to GV2. The paper mentions that it's measuring the worst-case scenario for the clean/smudge filter-style tools as it's much more likely that you only need to protect a few files and not the entire repository, but I didn't see how the second section actually reflected this more-realistic scenario. I'm not saying that encrypting the entire repository is bad, but the overhead of using filters to encrypt the entire repository is a documented/known limitation of the other tools...so it seems a little odd to gloss over that. Side note, stuff like "This process is repeated a total of 10 iterations for an ample sample size to draw statistical conclusions." worries me, but that's another conversation. Overall though, glad to see more research in this area, and it sounds like GV2 might be a decent solution for people looking to protect their data in certain scenarios. |
|
|
My needs are such that I might only want to encrypt a few files, and filters do an adequate job here. But I can understand a limitation where all objects must be encrypted, and thus filter perf is not appropriate.
Filters also have the limitation of leaking the commit and tree information, which may also be sensitive data on some projects.
This is an interesting strategy, and I'm glad to see more research done here, regardless.