[darcs-users] patch file naming

Zooko O'Whielacronx zooko at zooko.com
Fri Mar 19 22:21:53 UTC 2004


> I agree with your general theory, but including a serial number would 
> only (potentially) help with the accidental case. It does nothing to 
> improve the "real" problem, which is an attacker injecting inconsistent 
> patches into multiple related repos.

Sorry to be unclear -- my suggestion about sequence numbers in place of
timestamps was *not* an attempt to solve the problem of a malicious person
generating two different patches with the same name.  I agree with you that it
can't solve that.

My suggestion was intended to prevent (a) an honest person accidentally
generating two different patches with the same name (possibly because a
malicious person is manipulating that honest person's environment), 
(b) future versions of darcs, or other darcs-aware software, relying on
synchronization between different clocks, thus allowing a malicious person to
abuse that software.

Regards,

Zooko




