>> I believe that this lack of end-to-end validation is a serious limitation
>> of Darcs. It's difficult to fix, though, due to the need to commute
>> patch files around.
> I think a hashed inventory will go a long way towards eliminating this sort
> of problem,
I agree, but I'd still like to see *end-to-end* validation for Darcs.
This is the only Arch feature that I miss in Darcs.
End-to-end validation would consist in a hash computed by the
originator of a patch, which would then be checked even if the patch
went through an arbitrary number of repositories in the meantime.
End-to-end validation protects against all sort of corruption,
including on-the-wire corruption, on-disk corruption, in-memory
corruption, and, if the hashes are cryptographically signed,
intentional tampering.
The trouble with that is that Darcs plays the commutation game, which
invalidates any form of end-to-end hash. The obvious solution would
be to compute hashes in a minimal context, but I'm not sure whether
that would be computationally feasible.
Juliusz
_______________________________________________
darcs-users mailing list
[email protected]
http://www.abridgegame.org/mailman/listinfo/darcs-users
