Re: [Gnu-arch-users] oh the heck with it -- tla-1.2pre0

[Tom Lord]

    > From: Andrew Suffield <address@hidden>

    > People have tried to abuse the encryption form for one-to-many
    > purposes before now (either via a shared secret, which defeats
    > the point, or via encrypting multiple times, which is an
    > infeasible use of resources). It doesn't work - at best, it is
    > equivalent to a shared secret system.

This sounds like just a configuration issue.  A good point but more
about how to use the proposed feature rather than an argument against
it.

If I have N sites to whom I need to xmit an encrypted archive, there's
no reason I can't make N separately encrypted mirrors.

In fact, one of my arguments against the feature -- that you don't
want an _archival_ format encrypted -- also doesn't hold up.   Only
the publicly visible mirrors need encrypting.

The only argument against I see left is that while encryption of
changesets, import copies, CONTINUATION files, log messages,
archive-cached revisions and (perhaps) checksum files is easy --
encryption of category, branch, version, and revision _names_ is not.
That's why wonder if a VPN isn't a better solution.

But even there, duh -- is there some reason not to use just sftp?


-t