[darcs-users] Data Integrity

[Trent W. Buck]

Daniel Carrera <daniel.carrera at theingots.org> writes:

> Hello,
>
> I tried using Monotone for a while, but I have now gone back to
> Darcs. I just find it so convenient to make change A, then B, then C,
> and then decide I want to modify or delete A and I can just do
> it. It's great!
>
> But I do wish that Darcs had the integrity guarantees that Monotone
> has (and apparently Git and Mercurial too). Does anyone know if there
> has been any work in this area? It looks like a difficult problem. If
> you can re-order patches, as you can with Darcs, I can't immediately
> see how you can make a checksum that will work correctly whether a
> repository has patches AB or patches B'A'.

Rather than a checksum, you can create a context file (string), which
identifies a repository state uniquely.

Note that AB and B'A' will (probably) have different context files.  I
don't know if that matters to your use case -- I don't really understand
your use case.

> You /could/ make it so that all patches are digitally signed. So, if
> you download patch A, Darcs might modify it into A' before applying
> it, but you can at least verify that A was written by Daniel Carrera
> because it has his signature. Anyone know if that would be a difficult
> feature?

Darcs can certainly sign patches, though unfortunately this is only
supported during transmission layer, *not* in the repository itself.
This is done with darcs send --sign.

Also note that (AFAIK) this only supports GPG signing, and not the
centralized stuff (ca-thingy?  I don't really know).

I for one would certainly support any work to improve Darcs scanty trust
models.  In particular, it sounds like a good idea for patches to get
signed at record (not send) time, and stay signed.