Signing revisions in place

Matt Mackall mpm at selenic.com
Wed Oct 3 16:48:04 CDT 2007


On Wed, Oct 03, 2007 at 01:49:33PM -0700, Dustin Sallings wrote:
> 
> On Oct 3, 2007, at 13:33 , Jens Alfke wrote:
> 
> >That's also useful, agreed, and it's more like the way the gpg  
> >extension works. I'm not sure quite how a tag is implemented; is  
> >it similar to a child revision, under the hood? If so, the same  
> >technique I proposed would apply.
> 
> 	Tagging is *theoretically* just a change to the tags file.  In  
> practice, it seems more magic than that (see what happens when you  
> tag in one head while working in another, and then try to update to  
> that tag).

Adding a tag is simply adding a line to the .hgtags file, yes.
Computing which tags are in effect at any given point in time with
multiple heads is a bit trickier, yes, but for the most part, you
shouldn't need to think about it.

> >> gnu arch allowed one to sign each revision.  I'm not sure if  
> >>that's generally valuable here
> >
> >I think it is; the more so, the more paranoid you are :) or if the  
> >project belongs to an organization that wants to know exactly who  
> >commits (or to restrict who can commit into important  
> >repositories.) There have also been cases where open-source  
> >projects were compromised by maliciously-introduced changes that  
> >opened security holes; I remember cases of this in both WordPress  
> >and the Linux kernel. Signatures can make it possible to guard  
> >against that.
> 
> 	Yes, that is a good use case.  It's unclear how you'd sign your own  
> changeset in your changeset, though.  In the case of gnu arch, the  
> signature was a separate file from the patch tarball itself.  If it's  
> possible to do something similar in mercurial, then it'd make sense.

We really don't like to have any bits that are outside version
control. So we either have a scheme analogous to tagging (like what we
have now), or one where we put the signature in the associated commit.

> 	I have damaged repositories such that they worked, but some earlier  
> revisions were unavailable.  Things like that make me nervous.  I'd  
> much rather have it just stop working at the point where I've damaged  
> it (or perhaps have a verify fail).

If you've got a broken repo that passes verify, I'd like to know about
it.

-- 
Mathematics is the supreme nostalgia of our time.
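An added example, not part of this thread or of Mercurial's own code: a reader for the .hgtags line format Matt describes, which also flags a tag that resolves to different nodes on two heads (the multi-head case he calls trickier). It assumes the usual `<40-hex node> <tag name>` layout, that a later line overrides an earlier one for the same tag, and that an all-zero node marks a removed tag.

```python
# Added example: minimal .hgtags reader plus a cross-head conflict check.
# Assumptions (not stated in the thread): one "<40 hex node> <tag>" per
# line, later lines win, and the all-zero node means "tag removed".
import re

NODE_RE = re.compile(r"^[0-9a-f]{40}$")
NULL_NODE = "0" * 40


def parse_hgtags(text):
    """Return {tag: node} for one head's .hgtags; the last entry wins."""
    tags = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        node, _, name = line.partition(" ")
        if not NODE_RE.match(node) or not name:
            # A malformed line could hide a tag or repoint it; refuse
            # rather than guess, in the spirit of a failing verify.
            raise ValueError(f".hgtags line {lineno} malformed: {raw!r}")
        if node == NULL_NODE:
            tags.pop(name, None)
        else:
            tags[name] = node
    return tags


def conflicting_tags(per_head):
    """Tag names that resolve to different nodes in different heads."""
    seen = {}
    for tags in per_head.values():
        for name, node in tags.items():
            seen.setdefault(name, set()).add(node)
    return sorted(name for name, nodes in seen.items() if len(nodes) > 1)


# Constructed sample data for two heads (node hashes are made up).
HEAD_A = "a" * 40 + " v1.0\n" + "b" * 40 + " v1.1\n"
HEAD_B = "a" * 40 + " v1.0\n" + "c" * 40 + " v1.1\n" + NULL_NODE + " v1.0\n"

if __name__ == "__main__":
    heads = {"headA": parse_hgtags(HEAD_A), "headB": parse_hgtags(HEAD_B)}
    print(conflicting_tags(heads))
```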

