[darcs-users] [darcs-devel] [issue992] short secure version identifiers

Max Battcher me at worldmaker.net
Tue Sep 9 22:17:15 UTC 2008 

zooko wrote:
> Hello Max Battcher -- I'm sorry that I didn't see this letter that you 
> wrote to me on darcs-users on 2008-08-12.

Allow me to apologize in return for getting back to this slowly (crazy 
couple of weeks)...

> On Aug 12, 2008, at 21:32 PM, Max Battcher wrote:
> 
>> Just out of curiosity, does he know about context files?  If so does he
>> not find them sufficient?
> 
> Yes he does.  He uses them occasionally on the command-line, but 
> more-over he wrote darcs support in buildbot which uses context files in 
> places where other revision control tools use sequence numbers or secure 
> hashes.
> 
> He is dissatisfied with them because they aren't short and because they 
> aren't secure.

Well, I've argued before that short doesn't necessarily correspond with 
handy or useful.  It can sometimes be easier to find and email a small 
file as it would to open a file or run a program, find an identifier 
amongst the information and then copy and paste it into an email...

> I actually sort of disagree with him on that latter point, or more 
> nuancedly I suspect that the vaunted secure-hash-based integrity checks 
> in monotone, git, et al., which Brian wishes to have in his revision 
> control tool, are actually insufficient to provide the kind of security 
> that we need, but I won't explain more about that in this letter.

My feeling as well, although perhaps I haven't spent as much time 
formalizing it.  I think that for most things we might use version 
identifiers for we can rely on out-of-band security: ie, does it make 
sense for a developer or user to edit a context file to make up some 
version that doesn't exist when trying to interact with the project or 
pointing out a bug?  If we actually need to insure a secure identifier, 
it's easy enough to sign a context file with a GPG key and test for that 
signature...  I could see a potential shortcut in having darcs sign a 
context file (as it does patch bundles with darcs send --sign), but does 
darcs changes really need --sign or -o?

Anyway, is a hashed context file much different from Darcs 2's hashed 
inventory files?  I don't know if there is any use in exploring that 
relationship...  My gut feeling is that it wouldn't be all that useful, 
but that could just be lack of imagination at the moment.  Maybe you 
could ask Brian for specific usage scenarios where a shorter/securer 
identifier is nice/necessary/simpler?

>> I still think that right now the best documentation on context files is
>> my own blog post:
> 
> By the way, way to go on adding more documentation to darcs!  Please 
> keep up your practice of converting your blog posts into wiki or manual 
> pages.

Thanks.  I may not have much opportunity to do so this Fall, but we'll see.

--
--Max Battcher--
http://www.worldmaker.net/

More information about the darcs-users mailing list