> At the most obvious level, we've now got some extra information for
> checking the consistency of a repository (helpful if, e.g. an http proxy
> modifies files in transit).

This is especially important for Windows users, who tend to have random software modify line endings behind their back. (Since they tend to have their repos corrupted in a consistent manner, the normal consistency checks don't notice the corruption.)

> The next advantage is that by cryptographically signing the hashed
> inventory, you cryptographically sign the entire contents of the repository
> (unless someone cracks sha1). This is potentially valuable to high-profile
> projects, or projects that use untrusted mirrors.

...and projects that make their tree available over plain HTTP (no TLS). Which is every project known to me.

Note, however, that unlike what happens with Git, Monotone or Arch, the hashes do not protect patches in transit: hashes are invalidated when they are commuted. We have been thinking of a hashing algorithm that is invariant w.r.t. commutation at FOSDEM last, and came up with a rather nice design, but it needs implementing[1].

> With hashed inventories it will be possible to implement "lazy" partial
> repositories, in which darcs downloads patch files as needed to do the
> commands you ask, since we'll have the hash with which to verify that the
> patch files haven't been commuted (and therefore are still in the proper
> context for our use).

It will also be possible to do a

  darcs pull --sibling ../darcs-unstable http://darcs.net/repos/darcs

where a patch will be copied locally if it is found in the sibling repo.

As should be clear from the above, I am convinced that hashed inventories are a Good Thing (tm).

                                        Juliusz

[1] My vow of no hacking ends at the beginning of February.
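
Added example, not part of the original message and not darcs code: a simplified Python model of the checks discussed above, showing a hashed inventory catching line-ending rewrites and a sibling-first fetch that accepts a patch only if it matches its inventory hash. The inventory layout, function names, store dictionaries and patch contents are assumptions constructed for illustration; darcs's actual on-disk format is not shown here.

```python
import hashlib

def sha1(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def build_inventory(patches):
    """Ordered (name, SHA-1 of patch bytes) pairs: a simplified hashed inventory."""
    return [(name, sha1(body)) for name, body in patches]

def inventory_digest(inventory):
    """Single digest over the inventory; signing it covers every listed patch."""
    return sha1("".join(f"{n}\n{d}\n" for n, d in inventory).encode())

def verify_repo(inventory, store):
    """Names of patches whose stored bytes are missing or no longer match."""
    return [name for name, digest in inventory
            if digest not in store or sha1(store[digest]) != digest]

def fetch_verified(digest, sources):
    """Take the first copy, sibling repo before remote, that hashes to digest."""
    for label, store in sources:
        body = store.get(digest)
        if body is not None and sha1(body) == digest:
            return label, body
    raise LookupError(f"no source holds a valid copy of {digest}")

# Constructed sample patches (not real darcs patch files).
PATCHES = [("add-readme", b"hunk ./README 1\n+hello\n"),
           ("fix-typo", b"hunk ./README 1\n-hello\n+Hello\n")]
INVENTORY = build_inventory(PATCHES)
REMOTE = {digest: body for (_, digest), (_, body) in zip(INVENTORY, PATCHES)}
# The same store after some tool rewrote LF as CRLF in every file.
CRLF = {digest: body.replace(b"\n", b"\r\n") for digest, body in REMOTE.items()}

if __name__ == "__main__":
    first, second = (digest for _, digest in INVENTORY)
    sibling = {first: REMOTE[first]}          # sibling holds only one patch
    print(verify_repo(INVENTORY, REMOTE))     # clean store
    print(verify_repo(INVENTORY, CRLF))       # line-ending rewrite
    print(fetch_verified(first, [("sibling", sibling), ("remote", REMOTE)])[0])
    print(fetch_verified(second, [("sibling", sibling), ("remote", REMOTE)])[0])
    # A corrupted sibling copy is rejected and the remote copy is used instead.
    print(fetch_verified(first, [("sibling", CRLF), ("remote", REMOTE)])[0])
```

The model hashes patch bytes exactly as stored, so, as the message notes, a commuted patch would no longer match its recorded hash.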
