gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: darcs vs tla

From: Karel Gardas
Subject: Re: [Gnu-arch-users] Re: darcs vs tla
Date: Tue, 16 Nov 2004 21:49:11 +0100 (CET) 
On Tue, 16 Nov 2004, Jan Hudec wrote:

> On Tue, Nov 16, 2004 at 21:03:26 +0100, Karel Gardas wrote:
> > On Tue, 16 Nov 2004, Jan Hudec wrote:
> >
> > > > - darcs does not support patch signing/verification except simple
> > > >   email-based transport method (showstopper for me)
> > >
> > > Arch does not support signing/verification for transport -- it supports
> > > it for STORAGE. That's the key point. The signatures are stored and can
> > > be validated at any point in future. Eg. after a security accident.
> >
> > Yes, true, sorry for not so precise definition. The most important thing
> > is that signing/verification is transport independend while this is not
> > the case in darcs. In addition darcs patches are not signed in repository
> > but on export (by send command), which is showstopper about which I wrote.
>
> Yes. That is completely useless for checking integrity of your
> repository after the computer was compromised

That's true and that's why this is showstopper for me.

> or when your harddisk is dying.

That's true w.r.t. signing/verification but not w.r.t. darcs as whole. As
I've seen darcs support `check' command which is able to check your
current tree for corruption:

``Check verifies that the patches stored in the repository, when successively
applied to an empty tree, properly recreate the stored current tree.''

Cheers,
Karel
--
Karel Gardas                  address@hidden
ObjectSecurity Ltd.           http://www.objectsecurity.com
reply via email to
[Prev in Thread] Current Thread [Next in Thread]