[darcs-users] Data Integrity
Nicolas Pouillard
nicolas.pouillard at gmail.com
Thu Apr 9 14:56:48 UTC 2009
Excerpts from Daniel Carrera's message of Thu Apr 09 16:36:14 +0200 2009:
> Nicolas Pouillard wrote:
> > Although making a checksum when tagging is fairly easy and darcs should
> > have an option to insert the hash in the tag description (or make it
> > the default).
> >
> > I would guess that using the pristine hash for this purpose would be fine,
> > in this case this is as simple as :
> >
> > darcs tag $(head -n 1 _darcs/hashed_inventory | cut -d: -f2)
>
> That sounds good. And the 'tag' command could sign the hash. For
> signatures, Darcs could either use GPG or perhaps better, the Haskell
> Cryptographic Library: http://www.haskell.org/crypto/
>
> You could store keys in ~/.darcs/keys so they are not attached to the
> repository.
>
> In fact, Darcs could sign all patches, so that tags are not "special". I
> just took a look at the Darcs 2 format. It looks like it should be easy
> to add an RSA signature. This is what a patch looks like:
Tags are kind of special. This is due to patch commutation that can change
their representation. But by definition a tag patch constrain all patches
that it depends upon to no longer change. So one can store a hash in there.
--
Nicolas Pouillard
More information about the darcs-users
mailing list