[darcs-devel] [issue2644] detect "invalid" patches on pull and apply

Ganesh Sittampalam ganesh at earth.li
Fri May 8 21:54:25 UTC 2020


Hi,

> Again, violations of global uniqueness cannot, in general, be judged
> valid or invalid objectively. All we can do is detect if there is an
> inconsistency between two repos.
[..]
> The algorithm for checking consistency between a local repo and a remote
> one is similar to what we do when we merge patches.
> 
> We first download only inventories, starting with the latest one and
> stopping as soon as a parent inventory coincides with one of our own.
> This can be cheaply tested by comparing their inventory hashes. This
> gives us a guaranteed common starting point: we know that up to that
> point the histories are completely identical (modulo hash collisions for
> SHA256).

Inventories only contain hashes of patch metadata, so I think it's
possible for two histories to produce the same inventory but with
different patch contents. This could probably only arise in practice due
to malicious edits, unless there's some way duplicates could lead to it.

Other than that your algorithm sounds correct to me and seems like a
good idea. But it's potentially quite a big caveat.

Cheers,

Ganesh


More information about the darcs-devel mailing list