From: Martin L Resnick <mresnick@bbn.com>
To: Phil Hord <hordp@cisco.com>
Cc: "Magnus Bäck" <magnus.back@sonyericsson.com>, git@vger.kernel.org
Subject: Re: ACLs for GIT
Date: Mon, 16 May 2011 11:36:08 -0400 [thread overview]
Message-ID: <4DD14468.1000401@bbn.com> (raw)
In-Reply-To: <4DD143CA.3000700@cisco.com>
Wonderful. Thanks a lot.
That's a great idea to use submodules WITH encrypting the source.
I like it! I'm going to propose we use it.
Thanks for the suggestion.
On 05/16/2011 11:33 AM, Phil Hord wrote:
> On 05/16/2011 09:22 AM, Martin L Resnick wrote:
>> Thanks Mangus.
>>
>> You pointed out some hurdles I'll have to think about
>> (blocked files not matching the SHA and so can't be committed).
>>
>> As to why I want to do this consider NSA non-export rules.
>> Our application would be built with NSA encryption
>> but we have foreign nationals working on the code
>> and so they are not permitted to see that part.
>> The makefiles look to see if the NSA encryption code file
>> is there and link it in. If not a stub is used.
>
> We use submodules for this same need here. If the submodule is loaded,
> the code is used from that. If not, pre-built binaries are used
> instead. These could be stubs.
>
> When we share code with outside partners, we give them access only to
> the modules they need.
>
> We further guard the code in the submodule by PGP-encrypting the source
> files and storing them in the repository (as binaries). This practice
> lets us be more free with the repository and not worry so much that it
> may be cloned well out of our control. Storing code as shrouded
> binaries negates much of git's power, but only for this one submodule.
> Our other submodules are still quite git-friendly.
>
> Phil
>
>
next prev parent reply other threads:[~2011-05-16 15:36 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-15 19:24 ACLs for GIT Martin L Resnick
2011-05-15 20:15 ` Magnus Bäck
2011-05-16 13:22 ` Martin L Resnick
2011-05-16 15:26 ` Richard Peterson
2011-05-16 15:33 ` Phil Hord
2011-05-16 15:36 ` Martin L Resnick [this message]
2011-05-16 16:28 ` Jakub Narebski
2011-05-15 20:16 ` R. Tyler Croy
2011-05-16 13:22 ` Martin L Resnick
2011-05-17 1:32 ` Sitaram Chamarty
2011-05-17 1:49 ` Shawn Pearce
2011-05-17 12:08 ` Sitaram Chamarty
2011-05-17 14:06 ` Shawn Pearce
2011-05-17 15:41 ` Sitaram Chamarty
2011-05-15 20:28 ` Marc Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DD14468.1000401@bbn.com \
--to=mresnick@bbn.com \
--cc=git@vger.kernel.org \
--cc=hordp@cisco.com \
--cc=magnus.back@sonyericsson.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).