Trent W. Buck wrote:
> Rather than a checksum, you can create a context file (string), which
> identifies a repository state uniquely.
>
> Note that AB and B'A' will (probably) have different context files.  I
> don't know if that matters to your use case -- I don't really understand
> your use case.

Use cases:

1. You pull a patch from Daniel's repository. You want to know with cryptographic certainty that the patch really came from Daniel, and that it was not corrupted or maliciously tampered with.

2. You discover a backdoor, or illegal material in the software. You want to know with cryptographic certainty who is responsible for that patch.

3. You want to have a ring of trust, or a web of trust, and only accept patches from trusted individuals when you do a pull.

4. You are a user or distributor. You pull from the upstream repository by specifying a tag (e.g. "Linux Kernel 2.6.32"). You want to know with cryptographic certainty that the thing you are getting is exactly the thing that Linus Torvalds committed and tagged.


Does this make things clearer?



> Darcs can certainly sign patches, though unfortunately this is only
> supported at the transmission layer, *not* in the repository itself.
> This is done with darcs send --sign.

Some of us don't use darcs send. I find the whole patch-by-email wholly inconvenient, but I'm very happy with push and pull over SSH. In any case, this doesn't really help with the use cases above.


> I for one would certainly support any work to improve Darcs' scanty trust
> models.  In particular, it sounds like a good idea for patches to get
> signed at record (not send) time, and stay signed.

Yeah.

Cheers,
Daniel.
_______________________________________________
darcs-users mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/darcs-users