On Tue, Apr 19, 2005 at 11:39:23PM +0200, Richard Levitte - VMS Whacker wrote:
> I have to appologise to everyone involved with the development of
> monotone. I've effectively stopped you from making any further
> updates, you are now locked to revision
> e018e6f9690d07166a0eecef6627493445db12ad as soon as it is in your
> database unless you do what I will describe below.
Richard's sent some followups that clarified this a bit more, but just
to make doubly sure: this is not nearly so bad of a problem as it
sounds like above. The situation is:
-- Monotone has a concept of a "testresult" cert. Monotone only
cares about these certs in exactly one condition: when you type
"update" with no argument, and it goes to guess which revision
you would like to update to. The exact effect is controlled by a
hook, but the default is that if your current revision has a
passing testresult cert on it, monotone will only guess a
revision that has a corresponding passing testresult cert on it.
This is a somewhat underdeveloped and underdesigned bit of
monotone -- more of a sketch of some desired functionality than
an actually useful feature -- and no-one has ever used it
intentionally so far as I know. It doesn't much hurt anything to
leave it there until someone sits down to work out a better way,
though.
-- If you do not have a working copy in _exactly the revision_ that
got the testresult, then its existence will effect you.
Otherwise, it will have no effect at all.
-- If you _do_ have a working copy in exactly the revision that got
the testresult, unwedging yourself is trivial -- the next time
you go to run update, you have to run "update SOMEREV", instead of
"update". That's all.
-- as a DoS method, it leaves something to be desired; if someone
can write into your database, they'll have much more luck filling
your disk with junk. (They won't have too much in any case,
since once you realize what's going on, you revoke their write
access, smite them, and then delete whatever isn't signed by
actually trusted people.)
Hope that helps calm down anyone who was freaking out about this :-).
-- Nathaniel
--
"Lull'd in the countless chambers of the brain,
Our thoughts are link'd by many a hidden chain:
Awake but one, and lo! what myriads rise!
Each stamps its image as the other flies"
-- Ann Ward Radcliffe, The Mysteries of Udolpho
_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
