gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: darcs vs tla

From: Alexey N. Solofnenko
Subject: Re: [Gnu-arch-users] Re: darcs vs tla
Date: Tue, 16 Nov 2004 13:10:28 -0800
User-agent: Mozilla Thunderbird 0.9+ (Windows/20041116)
Darcs does not preclude you from doing that - it just does not help you with your own system security. You still can keep email archive somewhere (maybe in a file system) and compare signatures separately. It is inconvenient, but it is hardly a show stopper. 

- Alexey.

Charles Duffy wrote:


On Tue, 2004-11-16 at 12:51 -0800, Alexey N. Solofnenko wrote:
Yes to what? Both approaches are functionally equivalent. Darcs only checks signatures on unsafe mails, but other protocols should check authenticity themselves (anonymous users should not be able to check anything in). 

Not remotely equivalent. Arch allows me to determine whether my archive
has been modified if the server I host it on has been cracked and
tampered with. Darcs has no such mechanism. (See the case where the
Linux CVS tree mirroring its BK repository was maliciously tampered with
to insert a vulnerability; Arch would have made this detectable, whereas
Darcs has no handling for this case).
reply via email to
[Prev in Thread] Current Thread [Next in Thread]