Re: [Gnu-arch-users] Re: darcs vs tla

gnu-arch-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: darcs vs tla

From:	John A Meinel
Subject:	Re: [Gnu-arch-users] Re: darcs vs tla
Date:	Wed, 17 Nov 2004 11:04:03 -0600
User-agent:	Mozilla Thunderbird 0.9 (Windows/20041103)

Juliusz Chroboczek wrote:

Arch does not support signing/verification for transport -- it supports
it for STORAGE. That's the key point. The signatures are stored and can
be validated at any point in future. Eg. after a security accident.



Very true.  And that's a major problem with darcs.

Unfortunately, there's no easy way to solve that.  The representation
that darcs uses for any given patch may very over time: when you push
from one repository to another, the representation for the patch may
change (that's what ``commuting'' is about).  While there is a
canonical form for a patch, it's not at all easy to compute.

                                        Juliusz

So it is an intrinsic problem. The only thing I can think of is that youcould re-sign the patch after you've modified it, but that might getreally expensive as well. Especially if patches get moved around afterthey've been applied. If it was just a reshuffle for a new patch, itmight be okay.


John
=:->

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Gnu-arch-users] Re: darcs vs tla, (continued)
- Re: [Gnu-arch-users] Re: darcs vs tla, John A Meinel, 2004/11/17
  - [Gnu-arch-users] Re: darcs vs tla, Mark Stosberg, 2004/11/17
    - Re: [Gnu-arch-users] Re: darcs vs tla, John A Meinel, 2004/11/17

Prev by Date: Re: [Gnu-arch-users] Re: darcs vs tla
Next by Date: Re: [Gnu-arch-users] Re: darcs vs tla
Previous by thread: Re: [Gnu-arch-users] Re: darcs vs tla
Next by thread: [Gnu-arch-users] Re: darcs vs tla
Index(es):
- Date
- Thread