New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

.gpg-id file not added to git #35

Closed
annejan opened this Issue Apr 30, 2015 · 5 comments

Comments

Projects
None yet
2 participants
@annejan
Member

annejan commented Apr 30, 2015

This negates the usefulness of user/folder management currently

@annejan annejan self-assigned this Apr 30, 2015

@rdoeffinger

This comment has been minimized.

Contributor

rdoeffinger commented May 2, 2015

Maybe I'm overly paranoid, but in principle as the .gpg-id files are not signed or in any other way authenticated having them handled by git could be slightly risky in some use-case.
In multi-user systems people might also actually want to have different .gpg-id files.
Probably it's worth erring on the side of convenience, just something to possibly think about.

@annejan

This comment has been minimized.

Member

annejan commented May 2, 2015

The .gpg-id files handle for whom a folder is encrypted. Not automatically adding them to git sounds like a massive risk to me.

If I create a folder and what that to for example to only be available for me, I un-tick some of my team and leave only me and the project manager ticked.
Now I add the secret information in that folder fully thinking it will only be encrypted for me and the manager. I push, he/she pulls .. and adds some more . .
That newly added information will be encrypted for all in the base .gpg-id file again without any warning (or obvious way to notice it).

Adding the newly created (by user manager window) .gpg-id file(s) to git negates that problem.

@rdoeffinger

This comment has been minimized.

Contributor

rdoeffinger commented May 2, 2015

I guess I was actually thinking of "no .gpg-id at all in git" vs. "all of them in git". "Just the toplevel .gpg-id in git" I totally agree is probably the worst possible outcome :)

@annejan

This comment has been minimized.

Member

annejan commented May 3, 2015

I think I'll just add a configuration checkbox for automatically adding (newly created by user manager) .gpg-id files to git . .

Would this a1fd6d8 be a solution you are comfortable with @rdoeffinger?

For now won't use git if webDAV is used 1c73153

And has a process queue and path safety (spaces used to break stuff) b224d9e

Also added a nice 'fuzzy' search to the userlist d50a83d

@annejan

This comment has been minimized.

Member

annejan commented May 5, 2015

Merged these changes #42

@annejan annejan closed this May 5, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment