-2

I have two identical repositories on two separate internet-less machines.
The code is sensitive and cannot be exposed to the outside world (not even its diff).

How secure is a git bundle file which contains only a delta update?
I know that one cannot pull from it if one does not have the initial base - git bundle verify will fail.
Opening the file with a text editor does not reveal any segment of code.
Is there a way for a third party to open and see the code within?
How secure is it?

nafarkash

1 Answer

4

It's not secure at all — it contains the same code (or the same diff) that will be applied to repositories. If you cannot expose the repositories (even diff) you cannot expose bundles.

If you want to pass bundles in a secure manner, encrypt them.

phd
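Why a text editor shows nothing readable even though the answer holds: a bundle is a short text header followed by a packfile of zlib-compressed objects, which is compression, not encryption. The added example below (not part of the original question or answer; the object contents, ids and ref name are constructed) parses a delta bundle in plain Python, without git and without the base repository, and recovers both a full blob and the literal text carried inside a delta.

```python
import hashlib
import struct
import zlib

TYPES = {1: "commit", 2: "tree", 3: "blob", 4: "tag", 6: "ofs-delta", 7: "ref-delta"}

def _entry(kind, body, base=b""):
    size, out = len(body) >> 4, bytearray([(kind << 4) | (len(body) & 0x0F)])
    while size:  # size continues in 7-bit groups, high bit = "more follows"
        out[-1] |= 0x80
        out.append(size & 0x7F)
        size >>= 7
    return bytes(out) + base + zlib.compress(body)

def build_sample_bundle():
    """Constructed delta bundle: 1 prerequisite, a blob, a ref-delta (copy 10, insert 18)."""
    head = (b"# v2 git bundle\n-" + b"1" * 40 + b" base (constructed)\n"
            + b"2" * 40 + b" refs/heads/master\n\n")
    blob = b"API_KEY = 'constructed-sample'\n"
    lit = b"def new_feature():"
    delta = bytes([10, 10 + len(lit), 0x90, 10, len(lit)]) + lit
    pack = (b"PACK" + struct.pack(">II", 2, 2) + _entry(3, blob)
            + _entry(7, delta, base=b"\x11" * 20))
    return head + pack + hashlib.sha1(pack).digest()

def read_bundle(data):
    """Return (prerequisites, refs, [(type, inflated bytes)]) without git or the base repo."""
    head, _, pack = data.partition(b"\n\n")
    lines = head.decode().split("\n")
    if not lines[0].startswith("# v2 git bundle") or pack[:4] != b"PACK":
        raise ValueError("not a v2 git bundle")
    prereqs = [l[1:41] for l in lines[1:] if l.startswith("-")]
    refs = {n: s for s, n in (l.split(" ", 1) for l in lines[1:] if l[:1] != "-")}
    pos, objects = 12, []
    for _ in range(struct.unpack(">I", pack[8:12])[0]):
        kind = (pack[pos] >> 4) & 7
        while pack[pos] & 0x80:  # skip the size varint
            pos += 1
        pos += 1
        if kind == 7:  # ref-delta: 20-byte id of a base object not in the bundle
            pos += 20
        elif kind == 6:  # ofs-delta: varint offset back to the base
            while pack[pos] & 0x80:
                pos += 1
            pos += 1
        inflater = zlib.decompressobj()
        objects.append((TYPES[kind], inflater.decompress(pack[pos:])))
        pos = len(pack) - len(inflater.unused_data)
    return prereqs, refs, objects
```

The missing prerequisite only stops git from applying the bundle; every new object, and every inserted run inside a delta, inflates on its own, so the bundle needs the same protection as the repository.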