[Monotone-devel] updates and trust [was: Re: Unknown signature in net.venge.monotone]

[graydon hoare]

graydon hoare wrote:

> the only thing to keep in mind is that sufficient approval should 
> probably be present *all along* an update path (not just at the target) 
> whereas test-result correctness needs only to be present at the target. 
> also keep in mind that whatever mechanism we put in for updates will 
> probably be reused for merges and propagates, too.

actually, I thought about this some more during lunch, and I'm pretty 
convinced that to be useful such an "approval" would not only need to 
have exactly the same *form* as an ancestry cert (approving an edge, not 
a node -- surely you didn't audit the whole source tree) but also be 
used in all the same *places*, in monotone, as ancestry certs are.

so I wonder: is there any tangible difference between ancestry and approval?

  - the cert has a different name
  - you can *disapprove* of something
  - otherwise.. ?

I can't see a difference. when I attach something as a child, I am 
saying "I approve of this view of history". what else is there to say?

I think what ought to happen, at a UI level, is for the "approve" and 
"disapprove" commands to be changed to take an edge (pair of nodes), and 
issue ancestry or "anti-ancestry" ("disowning"?) certs, and to confine 
the notion of approving/disapproving-a-node to judgements about test 
results. maybe even use a different command name:

  monotone tested <manifest> <testname> <ok|bad>

this will involve overall less surgery -- probably just a change to the 
function which calculates "heads", to acknowledge test results -- and I 
think wind up working roughly as we want, long term. any objections?

-graydon