No subject

encrypts data symmetrically with a random key and then asymmetrically
encrypts the symmetric key.  This allows mutliple people's keys to
decrypt a single encrypted file.  In this case revoking a user's key
could take two forms: you could assume the user already has a copy of
everything currently in the repo and just exclude them from future
changes, or you could re-encrypt the repo with a new symmetric key.

If there is a better way of managing keys I'd definitely curious...

Thanks
-Ryan