(no title)
gnaffle | 11 years ago
I'm not sure what you're getting at. What difference is there (not that you would allow checkouts on unencrypted laptops anyway)?
> In SVN you don't even need to expose the full history, you can grant access to the last revision only.
> In SVN for example you can restrict people to single directories (or even files - I don't remember exactly). That at least is impossible in git. I can prevent pushes using hooks but not reads.
These restrictions may be useful in some cases, but I would wager that they are far more seldom than some of the advantages of git (like being able to work offline).
Xylakant|11 years ago
A checkout from SVN/CVS only contains the last version. Files that were deleted in an earlier version are only on the server. A clone of a DVCS contains all versions and all files that ever were in the repo (unless you use BFG or git-filter-branch, but people tend to forget that). So a clone can contain secrets that people are not aware of, such as accidentally committed and deleted files. An interested party could find stuff that you're not aware off by looking at HEAD.
> (not that you would allow checkouts on unencrypted laptops anyway)?
That's not my call to make, but I agree on that regard. Reality sadly different from what we both wish.
gnaffle|11 years ago
Well, that goes without saying. But I don't think that security argument is a very poor one compared to the huge benefit of having the history locally to inspect.
We've had instances where secrets were committed to local repositories by accident. It never got past review and into the master branch. If it had, we would probably had taken the effort to rewrite that commit out of the history.