[darcs-users] Data Integrity

Trent W. Buck trentbuck at gmail.com
Fri Apr 10 13:31:55 UTC 2009


Daniel Carrera <daniel.carrera at theingots.org> writes:

> You could store keys in ~/.darcs/keys so they are not attached to the
> repository.

I encourage anyone working on this to check out the prior art.  In
particular, Debian has recently (in 3.1 or 4.0) added trust support to
its package distribution facilities, such that packages can't be
installed from untrusted repositories without a manual override.

See apt-key(8) and so on.

I'm not sure that a single keychain would be adequate granularity for
me.  For example, I want to trust Eric's work in my Darcs branches, but
I don't want to accidentally trust him in my government project branches.

> In fact, Darcs could sign all patches, so that tags are not
> "special".

Some people do not have GPG keys.  I do not think Darcs should force
newbies to create keys before they can submit patches, so I think there
needs to be a way to have unsigned patches, and to add a signature later
on.

> So now, every time you pull a patch, Darcs would check the
> signature. And for a tag, Darcs would also check that the hash in the
> tag matches the current pristine tree hash. With these features, I
> think Darcs would largely close the gap with the other more
> integrity-oriented SCMs.

You've been talking about "integrity", which to my mind is a separate
issue from having trust infrastructure.  Are we talking about one or the
other, or both?


