[darcs-devel] repository "weak" hash
Ganesh Sittampalam
ganesh at earth.li
Sat Apr 10 17:47:32 UTC 2021
Hi,
A couple of comments. I agree about the other things you said.
On 10/04/2021 07:43, Ben Franksen wrote:
> A second and more fundamental one is that this is all about mere meta
> data hashes, so the "weak" hash is only secure under the assumption of
> global uniqueness of meta data (more precisely: the assumption is that
> meta data uniquely maps to patch identity in the strong sense of
> "representation in minimal context").
I think this was the main reason for calling them weak in the first
place. From what I remember we were keen to not give the impression that
they are somehow secure identifiers.
> Furthermore: if we work with (=trust) meta data hashes anyway, then
> there is no reason to include all patches in the repository hash! It is
> enough to hash the meta data hashes from the latest clean tag up to the
> head i.e. the patches referenced by the head inventory. Because if we
> trust meta data hashes, then we must also trust that a clean tag
> uniquely identifies the set of all patches preceding it. Insisting on
> combining the (meta data) hashes of all patches in a repo amounts to
> trusting in the global uniqueness property for regular patches but
> distrusting it for tags; which makes no sense at all if you ask me.
I think this was discussed when the hashes were being introduced, but I
can't remember exactly why it wasn't done that way. One downside is that
it introduces ambiguity: "the latest clean tag" is not guaranteed
unambiguous for a given set of patches/tags, because of reorderings.
Cheers,
Ganesh
More information about the darcs-devel
mailing list