[darcs-users] patch file naming
zooko at zooko.com
Fri Mar 19 22:21:53 UTC 2004
> I agree with your general theory, but including a serial number would
> only (potentially) help with the accidental case. It does nothing to
> improve the "real" problem, which is an attacker injecting inconsistent
> patches into multiple related repos.
Sorry to be unclear -- my suggestion about sequence numbers in place of
timestamps was *not* an attempt to solve the problem of a malicious person
generating two different patches with the same name. I agree with you that it
can't solve that.
My suggestion was intended to prevent (a) an honest person accidentally
generating two different patches with the same name (possibly because a
malicious person is manipulating that honest person's environment), and
(b) future versions of darcs, or other darcs-aware software, relying on
synchronization between different clocks, thus allowing a malicious person to
abuse that software.