[ANN] autosign extension

Fri May 15 05:12:43 CDT 2009

On Friday, 15. May 2009 09:29:45 Dan Villiom Podlaski Christiansen wrote:
> The most important scenarios to me is what happens in the final case:
> I would expect Mercurial to abort with a hard error, as soon as
> possible when seeing such a changeset. I would also expect that the
> only way to solve it would be getting rid of that changeset.

I really wouldn't want that. 

In my opinion Mercurial should warn, that a changeset has a corrupt signature. 
In that case I can decide to either simply backout that changeset (we don't 
want these untrusted changes, but we want to keep the record that someone 
tried to cheat the system), or to remove it. 

A hook or option to disallow invalid changesets from being put into the 
repository would be nice, though. 

To get your full security, you'd then just activate that hook/option - 
preferably in a repository used for exchanging changesets (for example the 
shared push repository). 

One reason for not wanting Mercurial to break down hard when I get a bad 
changeset is that it would cost me time not to be able to work with it. 

Maybe I just got the changes and I want to rework the history around that 
changeset. Naturally I have to touch the repository to do so which means that 
Mercurial must continue to work. 

A signature is metadata, and metadata shouldn't obstruct normal usage, except 
when I explicitely request that (hook). Activating the extension just means 
that I want the option of checking the metadata. 

Best wishes, 
Arne

--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- 
   - singing a part of the history of free software -
              http://infinite-hands.draketo.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://selenic.com/pipermail/mercurial/attachments/20090515/0ed87ddd/attachment.pgp 