[darcs-users] Data Integrity
Daniel Carrera
daniel.carrera at theingots.org
Fri Apr 10 13:34:54 UTC 2009
Trent W. Buck wrote:
> Rather than a checksum, you can create a context file (string), which
> identifies a repository state uniquely.
>
> Note that AB and B'A' will (probably) have different context files. I
> don't know if that matters to your use case -- I don't really understand
> your use case.
Use cases:
1. You pull a patch from Daniel's repository. You want to know with
cryptographic certainty that the patch really came from Daniel, and that
it was not corrupted or maliciously tampered with.
2. You discover a backdoor, or illegal material in the software. You
want to know with cryptographic certainty who is responsible for that patch.
3. You want to have a ring of trust, or a web of trust, and only accept
patches from trusted individuals when you do a pull.
4. You are a user or distributor. You pull from the upstream repository
by specifying a tag (e.g. "Linux Kernel 2.6.32"). You want to know with
cryptographic certainty that the thing you are getting is exactly the
thing that Linus Torvalds committed and tagged.
Does this make things clearer?
> Darcs can certainly sign patches, though unfortunately this is only
> supported during transmission layer, *not* in the repository itself.
> This is done with darcs send --sign.
Some of us don't use darcs send. I find the whole patch-by-email wholly
inconvenient, but I'm very happy with push and pull over SSH. In any
case, this doesn't really help with the use cases above.
> I for one would certainly support any work to improve Darcs' scanty trust
> models. In particular, it sounds like a good idea for patches to get
> signed at record (not send) time, and stay signed.
Yeah.
Cheers,
Daniel.