Julio M. Merino Vidal schrieb:
But I think we could do the following: add a new cert with the correct
changelog entry (or whatever) and note in some way that that specific
cert overrides the incorrect one (hmm, versioned changelogs?), or mark
it as deleted, so that it's not taken into account any more.
Could this be possible? What do you think?
I have a possible implementation idea:
Invent a new (revision?) certificate which invalidates another
certificate (by it's certificate id). Once you received (and trusted)
such a certificate remove the wrong certificate from the table and store
it in a different table. This way wrong certificates do not get any
longer transmitted, and they are, if necessity arises, revivable (the
data sleeps in a different table).
If a revision does not have a branch certificate it will never get
transferred to a remote station again. And unused files and manifests
are not transferred neither. (So deleted branches will no longer spread)
This would work like a distributed remove command. If you evaluate
invalidation certificates after sync is completed and do it in issued
order (possible ?) you could even revoke remove certs (and revive (or
re-receive the data if necessary)).
Christof