[darcs-users] sugggestion on command naming

Adam Megacz adam at megacz.com
Fri Mar 12 04:09:57 UTC 2004 

David Roundy <droundy at abridgegame.org> writes:
> Hmmm.  I guess the problem is that it seems to me that with a properly
> configured repository, the email option should be the default.  After all,

I think the email solution is really elegant, but we eventually
decided against it since we put a ton of effort into setting up a
keying system based on ssh keys, and nobody wants to learn PGP (and
maintain a new set of keys 


> if someone wants to push patches to the darcs repository, email is the way
> it is done.

PGP is a major barrier to this becoming the "preferred method".
*Especially* the fact that there is no tool to convert RSA keys in
standard formats (X.509, OpenSSH, PEM, etc) to PGP RSA keys -- even
though at the mathematical level they are certainly equivalent (and
X.509/OpenSSH/PEM are all mutually convertible using freely available
tools).

I dunno, I was really psyched when I first read that darcs supported
this, but not being able to use our existing trust infrastructure is a
big letdown.  One possibility would be to provide an option to use
openssl to sign using ssh keys -- this would make darcs a lot more
attractive to people who already use them.  Openssh's ~/.ssh/id_rsa is
just a DER-encoded RSA private key (ie 'openssl rsa' can read it); in
fact you could probably do this with just a few lines of code to
invoke the openssl binary rather than having to link against any
libraries.


> I don't like the idea of darcs (by default) going out and trying to
> ssh to another computer just to see if you have permission to run
> some program named darcs on some other computer, and whether running
> that program is successful.

That's fine; I just think push-and-DONT-apply is really confusing.  I
still don't really understand what it does.  What is it useful for?
When I push a patch using email, why would I not want to apply it?
And what happens to the patch if it doesn't get applied?  Does it go
to patch heaven? ;)


> True, if your project is a one-developer project, you might like
> --and-apply to be the default, but darcs is designed with multi-user
> projects in mind, and in such an environment, --and-apply is
> unlikely to be helpful.  True, there could be a central user account
> to which everyone has ssh access, but that's a unique (and not
> necesarily common) situation.

Actually most multi-developer projects have already been forced
(largely by cvs's lameness) to set up ssh keying.  I'm on the gcc
staff, and the FSF has already put considerable effort into doing
this.  Likewise with every project on sourceforge.net. (actually
sourceforge in general).


> --apply, and something like _darcs/prefs/apply_using_sudo_as to indicate
> that users are encouraged to --apply-as.  (Yes, I realize those are stupid

I'm also not 100% clear on the apply-as... is this to keep all the
permissions correct?  If so, shouldn't you be using 'chmod g+s'?

  - a

More information about the darcs-users mailing list