[darcs-users] Data Integrity

Daniel Carrera daniel.carrera at theingots.org
Fri Apr 10 13:34:54 UTC 2009


Trent W. Buck wrote:
> Rather than a checksum, you can create a context file (string), which
> identifies a repository state uniquely.
> 
> Note that AB and B'A' will (probably) have different context files.  I
> don't know if that matters to your use case -- I don't really understand
> your use case.

Use cases:

1. You pull a patch from Daniel's repository. You want to know with 
cryptographic certainty that the patch really came from Daniel, and that 
it was not corrupted or maliciously tampered with.

2. You discover a backdoor, or illegal material in the software. You 
want to know with cryptographic certainty who is responsible for that patch.

3. You want to have a ring of trust, or a web of trust, and only accept 
patches from trusted individuals when you do a pull.

4. You are a user or distributor. You pull from the upstream repository 
by specifying a tag (e.g. "Linux Kernel 2.6.32"). You want to know with 
cryptographic certainty that the thing you are getting is exactly the 
thing that Linus Torvalds committed and tagged.


Does this make things clearer?



> Darcs can certainly sign patches, though unfortunately this is only
> supported during transmission layer, *not* in the repository itself.
> This is done with darcs send --sign.

Some of us don't use darcs send. I find the whole patch-by-email wholly 
inconvenient, but I'm very happy with push and pull over SSH. In any 
case, this doesn't really help with the use cases above.


> I for one would certainly support any work to improve Darcs' scanty trust
> models.  In particular, it sounds like a good idea for patches to get
> signed at record (not send) time, and stay signed.

Yeah.

Cheers,
Daniel.

