Nicolas Pouillard wrote:
Although making a checksum when tagging is fairly easy and darcs should
have an option to insert the hash in the tag description (or make it
the default).
I would guess that using the pristine hash for this purpose would be fine,
in this case this is as simple as :
darcs tag $(head -n 1 _darcs/hashed_inventory | cut -d: -f2)
That sounds good. And the 'tag' command could sign the hash. For
signatures, Darcs could either use GPG or perhaps better, the Haskell
Cryptographic Library: http://www.haskell.org/crypto/
You could store keys in ~/.darcs/keys so they are not attached to the
repository.
In fact, Darcs could sign all patches, so that tags are not "special". I
just took a look at the Darcs 2 format. It looks like it should be easy
to add an RSA signature. This is what a patch looks like:
[Issue #011: Write hello-world.
[email protected]**20090331192735]
hunk ./hello.php 1
+ <? echo "hello world\n"; ?>
There's no context information that I can see. Hence, I imagine that the
patch would look the same on someone else's computer. If that's correct,
you can just sign it.
So now, every time you pull a patch, Darcs would check the signature.
And for a tag, Darcs would also check that the hash in the tag matches
the current pristine tree hash. With these features, I think Darcs would
largely close the gap with the other more integrity-oriented SCMs.
Cheers,
Daniel.
_______________________________________________
darcs-users mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/darcs-users
