[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] speed of "mtn ls branches"
From: |
William Uther |
Subject: |
Re: [Monotone-devel] speed of "mtn ls branches" |
Date: |
Thu, 17 Jan 2008 20:36:39 +1100 |
On 17/01/2008, at 7:49 PM, Richard Levitte wrote:
willu.mailingLists>
willu.mailingLists> I'm not sure if that should be committed or not.
willu.mailingLists> It reduces 'time ls branches
willu.mailingLists> --ignore-suspend-certs' on my monotone db from 7s
willu.mailingLists> down to less than 0.1s. But it means ignoring the
willu.mailingLists> validity of certs in this case.
willu.mailingLists>
willu.mailingLists> Thoughts?
If the user is explicitely asking for the suspend certs to be ignored,
why should we not allow it, especially since --ignore-suspend-certs is
a global option?
I wasn't as clear as I could have been. The code is correct at the
moment:
If there is an invalid branch cert then that branch will not be
listed.
If there is a valid branch cert and valid suspend cert then the
branch
will not be listed unless the user uses "--ignore-suspend-certs".
The comment in my previous email about ignoring invalid certs was
talking
about ignoring invalid branch certs, and was not referring to suspend
certs
at all.
If you apply the patch I included in my last email, then you break
things
to speed them up:
If there is an invalid branch cert then that branch will not be
listed
unless the user uses "--ignore-suspend-certs".
If there is a valid branch cert and valid suspend cert then the
branch
will not be listed unless the user uses "--ignore-suspend-certs".
Consider the following example:
Evil Dr Zarkon manages to send a whole bunch of certs to you DB.
They
are branch certs. They assert that revision
5306ba58602c6448ea980100b5fdefcd5d5f9839 is in branches 'aaaaaa'
through 'zzzzzz'. All these certs are signed by Dr Zarkon.
Using the get_revision_cert_trust() lua hook you tell monotone not to
trust anything signed by Dr Zorkon.
Now there are three cases:
i) Before suspend certs, 'mtn ls branches' would not check the
cert validity
and would list all of Dr Zarkon's bogus branches - allowing the
denial
of service attack.
ii) Presently:
A) 'mtn ls branches' WILL check cert validity, and all of Dr
Zarkon's
bogus branches will be ignored (this has nothing to do with
suspend certs).
B) 'mtn ls branches --ignore-suspend-certs' will still check
cert
validity and Dr Zarkon's branch and suspend certs will
all be
ignored.
iii) If we apply the patch:
A) 'mtn ls branches' is the same as in ii). All cert
validities
will be checked and Dr Zarkon's plan is foiled.
B) 'mtn ls branches --ignore-suspend-certs' will behave as
in i).
All branches will be returned, including those with
invalid branch
certs - Dr Zarkon's plan will succeed. While incorrect,
this will be significantly faster than current behaviour.
It is also a behaviour that monotone had for a long time.
Does that make the trade-offs clearer?
Will :-}
- Re: [Monotone-devel] speed of "mtn ls branches", (continued)
- Re: [Monotone-devel] speed of "mtn ls branches", William Uther, 2008/01/16
- Re: [Monotone-devel] speed of "mtn ls branches", Zack Weinberg, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches", William Uther, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches", Zack Weinberg, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches", William Uther, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches", Zack Weinberg, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches", William Uther, 2008/01/17
Re: [Monotone-devel] speed of "mtn ls branches", Tony Tung, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches", William Uther, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches", Richard Levitte, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches",
William Uther <=
- Re: [Monotone-devel] speed of "mtn ls branches", Daniel Carosone, 2008/01/17
- Re: [Monotone-devel] speed of "mtn ls branches", William Uther, 2008/01/17
- [Monotone-devel] Re: speed of "mtn ls branches", Lapo Luchini, 2008/01/18
- Re: [Monotone-devel] Re: speed of "mtn ls branches", Zack Weinberg, 2008/01/18
- Re: [Monotone-devel] speed of "mtn ls branches", Lapo Luchini, 2008/01/18
- Re: [Monotone-devel] speed of "mtn ls branches", Lapo Luchini, 2008/01/18
Re: [Monotone-devel] Re: speed of "mtn ls branches", William Uther, 2008/01/19
Re: [Monotone-devel] speed of "mtn ls branches", Nathaniel Smith, 2008/01/17
Re: [Monotone-devel] speed of "mtn ls branches", William Uther, 2008/01/17
Re: [Monotone-devel] speed of "mtn ls branches", Thomas Moschny, 2008/01/17