I'm not sure if someone will answer over there as that would mean reviewing the crypto, which is not an easy task. For the record, I'll copy the comment I've left over there:
I did try to follow industry standards when I implemented E2EE. Additionally, the crypto has recently been audited and as a result various improvements have been made. I'm planning to post a summary of what the cryptographer found and what changes were made soon.
But to answer your question: storing the encrypted notes on a public repo. While the content of the note might be secure, you can still leak information with a public repo, such as:
- The size of the notes
- Which ones you frequently change
- Possibly your time zone, based on when you make changes
- How many notes or notebooks you have
Maybe none of this information is very important, but to be safe I'd stay away from a public repo.
I guess another question is: why would you even want to put your notes in a public repo to begin with?
I am not the author of the question.
The only thing in common is that I also use BitBucket (an alternative to GitLab, GitHub, ...) from my company.