[TriLUG] best encryption solution for encrypting source control?

Igor Partola igor at igorpartola.com
Thu Feb 5 19:50:38 EST 2015


git is in all cases better than SVN and is in fact simpler, but that's a discussion for another time.

My personal stance is that once an adversary has access to your box, you can assume they got root. There are plenty of local exploits exposed every month. All they have to do is wait for one. Once they have that, they will replace your gpg executable on the box with a wrapper that gives them your passphrase. Same with ssh, login, sudo. Because of this you should avoid typing your password into a remote box. I prefer authenticating and getting authorized based on my ssh key.

Igor

P.S.: don't forget that if you forward your ssh agent to a compromised box, you are effectively giving the attacker access to all your other boxes where your public key is in the authorizes_hosts file. Do use two-factor auth for ssh and a VPN on top of that.
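An added example, not part of the original post: a small audit of an OpenSSH client config that reports which hosts would receive a forwarded agent, following ssh_config's first-obtained-value rule. The sample config and hostnames are constructed placeholders; `Match` and `Include` directives are not evaluated (an assumption of this sketch).

```python
import re

# Constructed sample ~/.ssh/config (hostnames are placeholders).
SAMPLE_CONFIG = """\
Host bastion.example.org
    ForwardAgent no

Host *.example.org !build.example.org
    ForwardAgent yes

Host *
    ForwardAgent no
"""

def _pattern_matches(pattern, host):
    # ssh_config patterns support only the '*' and '?' wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, host, re.IGNORECASE) is not None

def _host_line_matches(patterns, host):
    # A Host line applies if a positive pattern matches and no '!' pattern does.
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if _pattern_matches(p[1:], host):
                return False
        elif _pattern_matches(p, host):
            positive = True
    return positive

def effective_forward_agent(config_text, host):
    """Return the ForwardAgent value ssh would use for host (default 'no')."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        args = parts[1].split() if len(parts) > 1 else []
        if keyword == "host":
            active = _host_line_matches(args, host)
        elif keyword == "match":
            active = False  # assumption: Match blocks are skipped, not evaluated
        elif keyword == "forwardagent" and active and args:
            value = args[0].strip('"')  # first obtained value wins
            return value.lower() if value.lower() in ("yes", "no") else value
    return "no"

def hosts_exposing_agent(config_text, hosts):
    # Anything other than "no" (yes, a socket path, a $VAR) forwards an agent.
    return [h for h in hosts if effective_forward_agent(config_text, h) != "no"]
```
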

