|
From: | John A Meinel |
Subject: | Re: [Gnu-arch-users] Re: darcs vs tla |
Date: | Wed, 17 Nov 2004 11:04:03 -0600 |
User-agent: | Mozilla Thunderbird 0.9 (Windows/20041103) |
Juliusz Chroboczek wrote:
Arch does not support signing/verification for transport -- it supports it for STORAGE. That's the key point. The signatures are stored and can be validated at any point in future. Eg. after a security accident.Very true. And that's a major problem with darcs. Unfortunately, there's no easy way to solve that. The representation that darcs uses for any given patch may very over time: when you push from one repository to another, the representation for the patch may change (that's what ``commuting'' is about). While there is a canonical form for a patch, it's not at all easy to compute. Juliusz
So it is an intrinsic problem. The only thing I can think of is that you could re-sign the patch after you've modified it, but that might get really expensive as well. Especially if patches get moved around after they've been applied. If it was just a reshuffle for a new patch, it might be okay.
John =:->
signature.asc
Description: OpenPGP digital signature
[Prev in Thread] | Current Thread | [Next in Thread] |