2020-10-12 02:32 AEST by Arthur Barrett - we've discussed this many times over the years, but there is not bug for it, so now finally there is.

Derek's CVS 1.12.14 enhancements for Savannah included signed commit id's, but I do not think they included 
encrypted repositories (at least I can't find reference to it anywhere).

We usually say this is the job of the server OS, and that remains our position.

However, there is a particular interaction with CVSNT ACL's.

We may want to set up ACL's so that the Windows Administrator cannot checkout some files/branches.  But if 
the administrator can just 'read' the RCS file anyway, it's a bit poor.  We'd need to combing the CVSNT ACL's 
with Operating System ACL's to ensure the Administrator really cannot read it.

A way around this is to encrypt the repository.  If the repository is encrypted, the Admin can read the file but 
it's useless (as long as the encryption key is out of reach).  

I think the biggest drawback to this idea is that it conflates access control and encryption.  They have 
different security profiles, so this possibly makes security worse, not better.