[darcs-users] Signing patches

Daniel Carrera daniel.carrera at theingots.org
Fri Apr 10 15:31:36 UTC 2009


Florent Becker wrote:
> Correct me if i'm saying rubbish, but:
> 
> I think that the problem with that approach is that hash verification is
> exponential: in order to check that your hash is good, i have to put U in
> the same context as you in order to get U', that is, put A B C and D in
> the same order. As I have no way to know in what order you saw them, I
> have to try them all…

No. The second part of the definition specifies a unique order: 
alphabetical by hash. So, if A, B, C and D are the dependencies of U, 
you grab the hashes H_a, H_b, H_c, H_d (which you already have), just 
sort them alphabetically (actually, asciibetically) and you're set.

So the order used for the hash is independent of how the patches are 
arranged in the repository. All that we need is that we agree on which 
patches we are looking at. So my suggestion only works if the set of 
dependencies of U is unique up to order.


Daniel.


More information about the darcs-users mailing list