[darcs-users] [darcs-devel] [issue992] short secure version identifiers
Max Battcher
me at worldmaker.net
Tue Sep 9 22:17:15 UTC 2008
zooko wrote:
> Hello Max Battcher -- I'm sorry that I didn't see this letter that you
> wrote to me on darcs-users on 2008-08-12.
Allow me to apologize in return for getting back to this slowly (crazy
couple of weeks)...
> On Aug 12, 2008, at 21:32 PM, Max Battcher wrote:
>
>> Just out of curiosity, does he know about context files? If so does he
>> not find them sufficient?
>
> Yes he does. He uses them occasionally on the command-line, but
> more-over he wrote darcs support in buildbot which uses context files in
> places where other revision control tools use sequence numbers or secure
> hashes.
>
> He is dissatisfied with them because they aren't short and because they
> aren't secure.
Well, I've argued before that short doesn't necessarily correspond with
handy or useful. It can sometimes be easier to find and email a small
file as it would to open a file or run a program, find an identifier
amongst the information and then copy and paste it into an email...
> I actually sort of disagree with him on that latter point, or more
> nuancedly I suspect that the vaunted secure-hash-based integrity checks
> in monotone, git, et al., which Brian wishes to have in his revision
> control tool, are actually insufficient to provide the kind of security
> that we need, but I won't explain more about that in this letter.
My feeling as well, although perhaps I haven't spent as much time
formalizing it. I think that for most things we might use version
identifiers for we can rely on out-of-band security: ie, does it make
sense for a developer or user to edit a context file to make up some
version that doesn't exist when trying to interact with the project or
pointing out a bug? If we actually need to insure a secure identifier,
it's easy enough to sign a context file with a GPG key and test for that
signature... I could see a potential shortcut in having darcs sign a
context file (as it does patch bundles with darcs send --sign), but does
darcs changes really need --sign or -o?
Anyway, is a hashed context file much different from Darcs 2's hashed
inventory files? I don't know if there is any use in exploring that
relationship... My gut feeling is that it wouldn't be all that useful,
but that could just be lack of imagination at the moment. Maybe you
could ask Brian for specific usage scenarios where a shorter/securer
identifier is nice/necessary/simpler?
>> I still think that right now the best documentation on context files is
>> my own blog post:
>
> By the way, way to go on adding more documentation to darcs! Please
> keep up your practice of converting your blog posts into wiki or manual
> pages.
Thanks. I may not have much opportunity to do so this Fall, but we'll see.
--
--Max Battcher--
http://www.worldmaker.net/
More information about the darcs-users
mailing list