No subject

"stolen snapshot == catastrophic failure" and "stolen history ==
catastrophic failure".

The first failure is clearly a subset of the second, but even the
first is unacceptable, and so it doesn't really matter if the second
is "worse". Make that the principle point and argue that "security" by
hiding the history is bogus. You want real security.

It is a standard rule in cryptography that you should gather all your
security in the size of the keys -- it makes the analysis cleaner and
easier when all you assume is the secrecy of your keys. I think the
same applies here: put your trust on the harddisk encryption of the
laptops, make that your core trusted part, and then both failure
scenarios above are handled.

That said, then there are attemps to bring such shallow clones to
Mercurial, but mostly because some histories can be so big that it is
inconvenient to pull all of it. This page has some information:

  http://www.selenic.com/mercurial/wiki/index.cgi/ShallowClone

-- 
Martin Geisler

VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multi-Party Computation) to Python. See: http://viff.dk/.