Dan Pascu wrote:
> I may be wrong on this, but I'm under the impression that this can be done (if it's not already), as with the hashed format, the hash name used for patches and files is already correlated with the contents, so a simple integrity check is possible (if not already done as I said).
I'd like to know exactly how it is correlated, but it could easily be useless. For example, if darcs hashes whatever file it got from the remote repo and uses that, that'll tell you nothing about whether the file is correct.
> IMO, whatever you have in mind is too heavy for a user that doesn't care or doesn't need to verify identities by means of digital signatures. This is why I must reiterate my point, that while I think this can be a useful addition, I do not want to see it enforced on each and every repository by default. It must be a user choice, if to use it or not.
Ok. User choice is fine, as long as there is a configuration option that makes signing/checking the default. This is necessary for some applications.
Btw, the actual signing should not be very heavy. True, RSA is slow, but you are only applying RSA on a 40-character string. Computing the hash is fast too because SHA1 is fast. The really slow part is going to be commuting patches in order to find the minimal context for the patch.
Daniel.
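
The distinction raised in the thread above, as an added example that is not part of the original message and is not darcs code: naming a file by the hash of whatever arrived always succeeds, while comparing the recomputed hash with a name obtained from a trusted source detects a changed file. The `Remote` class, the function names and the sample patch bytes are hypothetical, and the trusted name is assumed to come from something like a signed inventory.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    """Return the 40-character hex SHA-1 of data."""
    return hashlib.sha1(data).hexdigest()

# Constructed sample data: a recorded patch and a modified copy of it.
GENUINE = b"hunk ./README 1\n+hello\n"
MODIFIED = b"hunk ./README 1\n+goodbye\n"

class Remote:
    """Hypothetical remote repository mapping a hash name to stored bytes."""
    def __init__(self, files):
        self.files = dict(files)

    def get(self, name: str) -> bytes:
        return self.files[name]

def fetch_self_named(remote: Remote, name: str):
    """Name the file by hashing whatever arrived; this can never fail."""
    data = remote.get(name)
    return sha1_hex(data), data

def fetch_checked(remote: Remote, trusted_name: str) -> bytes:
    """Recompute the hash and compare it with a name obtained elsewhere.

    Assumption: trusted_name comes from a source the user already trusts,
    such as a signed inventory; verifying that signature is out of scope.
    """
    data = remote.get(trusted_name)
    actual = sha1_hex(data)
    if actual != trusted_name:
        raise ValueError(f"hash mismatch: expected {trusted_name}, got {actual}")
    return data

def demo():
    name = sha1_hex(GENUINE)
    honest = Remote({name: GENUINE})
    altered = Remote({name: MODIFIED})   # same name, different contents
    results = {"honest": fetch_checked(honest, name) == GENUINE}
    # Self-naming accepts the altered file and simply gives it a new name.
    new_name, _ = fetch_self_named(altered, name)
    results["self_named_accepts"] = new_name != name
    try:
        fetch_checked(altered, name)
        results["checked_rejects"] = False
    except ValueError:
        results["checked_rejects"] = True
    return results

if __name__ == "__main__":
    print(demo())
```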
