内容简介:This blog post is a comparison of encrypted Git remote implementations. A Git remote is a combination of storage space on a remote server, remote server software and local software working together. An encrypted Git remote is a Git remote which makes sure
This blog post is a comparison of encrypted Git remote implementations. A Git remote is a combination of storage space on a remote server, remote server software and local software working together. An encrypted Git remote is a Git remote which makes sure that the storage space on the remote server contains the Git objects encrypted. It is useful if the Git repository contains sensitive information (e.g. passwords, bank account details), and the remote server is not trusted to keep such information hidden from unauthorized readers.
See the recent Hacker News dicsussion Keybase launches encrypted Git for the encrypted, hosted cloud Git remote provided by Keybase.
Comparison
-
name of the Git remote software
- grg: git-remote-gcrypt
- git-gpg: git-gpg
- keybase: git-remote-keybase, the encrypted, hosted cloud Git remote provided by Keybase
-
does it support collaboration (users with different keys pull and push)?
- grg: yes
- git-gpg: yes
- keybase: yes
-
does it encrypt the local .git repository directory?
- grg: no
- git-gpg: no
- keybase: no
-
does it encrypt any files in the local working tree?
- grg: no
- git-gpg: no
- keybase: no
-
does it encrypt the remote repository users push to?
- grg: yes, it encrypts locally before push
- git-gpg: yes, it encrypts locally before push
- keybase: yes, it encrypts locally before push
-
by looking at the remote files, can anyone learn the total the number of Git objects?
- grg: no
- git-gpg: yes
- keybase: probably yes
-
can root on the remote server learn the list of contributors (users who do git pull and/or git push)?
- grg: yes, by making sshd log which SSH public key was used
- git-gpg: yes, by making sshd log which SSH public key was used
- keybase: yes
-
by looking at the remote files, can anyone learn the list of contributors (users who do git pull and/or git push)?
- grg: no
- git-gpg: no
- keybase: probably yes
-
by looking at the remote files, can anyone learn when data was pushed?
- grg: yes
- git-gpg: yes
- keybase: probably yes
-
does it support hosting of encrypted remotes on your own server?
- grg: yes
- git-gpg: yes
- keybase: no, at least not by default, and not documented
-
supported remote repository types
- grg: rsync, local directory, sftp, git repo (local or remote)
- git-gpg: rsync, local directory
- keybase: custom, data is stored on KBFS (Keybase filesystem, an encrypted network filesystem)
-
required software on the remote server
- grg: sshd, (rsync or sftp-server or git)
- git-gpg: sshd, rsync
- keybase: custom, the KBFS server, there are no official installation instructions
-
required local software
- grg: git, gpg, ssh, (rsync or sftp), git-remote-gcrypt
- git-gpg: git, gpg, ssh, rsync, Python (2.6 or 2.7), git-gpg
- keybase: binaries provided by Keybase: keybase, git-remote-keybase, kbfsfuse (only for remote repository creation)
-
product URL with installation instructions
- grg: https://git.spwhitton.name/git-remote-gcrypt/tree/README.rst
- git-gpg: https://github.com/glassroom/git-gpg
- keybase: https://keybase.io/blog/encrypted-git-for-everyone
-
source code URL
- grg: https://git.spwhitton.name/git-remote-gcrypt/tree/git-remote-gcrypt
- git-gpg: https://github.com/glassroom/git-gpg/blob/master/git-gpg
- keybase: https://github.com/keybase/kbfs/blob/master/kbfsgit/git-remote-keybase/main.go
-
implementation language
- grg: Unix shell (e.g. Bash), single file
- git-gpg: Python 2.6 and 2.7, single file
- keybase: Go
-
source code size, number of bytes, including comments
- grg: 21 448 bytes
- git-gpg: 19 702 bytes
-
keybase: 5 617 305 bytes (including
client/go/libkb/**/*.goandkbfs/{env,kbfsgit,libfs,libgit,libkbfs}/**/*.go)
-
is the source code easy to understand?
- grg: yes, but some developers reported it's less easy than git-gpg
- git-gpg: yes
- keybase: no, because it's huge; individual pieces are simple
-
encryption tool used
- grg: gpg (works with old versions, e.g. 1.4.10 from 2008)
- git-gpg: gpg (works with old versions, e.g. 1.4.10 from 2008)
- keybase: custom, written in Go
-
is it implemented as a Git remote helper?
-
grg: yes,
git pushetc. works -
git-gpg: no, it works as
git gpg pushinstead ofgit pushetc. -
keybase: yes,
git pushetc. works
-
grg: yes,
-
how much extra disk space does it use locally, per repository?
- grg: less than 1000 bytes
- git-gpg: stores 2 extra copies of the .git repository locally, one of them containing only loose objects (thus mostly uncompressed)
- keybase: less than 1000 bytes
-
how much disk space does it use remotely, per repository?
git repack
以上所述就是小编给大家介绍的《Comparison of encrypted Git remote implementations (2017)》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
