Daniel Carrera <[email protected]> writes: > Trent W. Buck wrote: >> Rather than a checksum, you can create a context file (string), which >> identifies a repository state uniquely. >> >> Note that AB and B'A' will (probably) have different context files. I >> don't know if that matters to your use case -- I don't really understand >> your use case. > > Use cases: > > 1. You pull a patch from Daniel's repository. You want to know with > cryptographic certainty that the patch really came from Daniel, and > that it was not corrupted or maliciously tampered with. > > 2. You discover a backdoor, or illegal material in the software. You > want to know with cryptographic certainty who is responsible for that > patch. > > 3. You want to have a ring of trust, or a web of trust, and only > accept patches from trusted individuals when you do a pull. > > 4. You are a user or distributor. You pull from the upstream > repository by specifying a tag (e.g. "Linux Kernel 2.6.32"). You want > to know with cryptographic certainty that the thing you are getting is > exactly the thing that Linus Torvalds committed and tagged. > > Does this make things clearer?
OK, cool, you're thinking what I thought you were thinking :-) >> [...] darcs send --sign. > [...] doesn't really help with the use cases above. Granted. _______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
