monotone-devel

Re: [Monotone-devel] Re: monotone & CVS import


From: graydon hoare
Subject: Re: [Monotone-devel] Re: monotone & CVS import
Date: 12 Nov 2003 16:54:24 -0500
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Jeremy Fitzhardinge <address@hidden> writes:

> It would be good to support all possible names.  Many projects have
> one or two files which have strange names, possibly because of the
> requirements of some other tool.  If the source control system can't
> handle some files, it is effectively useless.

well, I'll expand support where necessary for a real case, provided
it's safe and well understood. but not "all possible" cases. some
possible cases are *attacks*. what does your filesystem do when it
sees a path component with 0xD7 in it? I don't know; and when I don't
know about a security issue, the conservative thing to do is fail.

> Of course you then need to be careful to define what the hash is of:
> the quoted version or the unquoted version?
> ...
> foo.c\n
> ab87345ba98234b12692ab87345ba98234b12692  interloper.c
> ...

so, you see my point :) pathnames are a central security issue, as
much as certificates, keys and hashes. they must be dealt with very
carefully.

> On an unrelated subject, have you looked at storing file
> permissions/type as well?  It would be useful if scripts checked
> into monotone came out with the x bits set.  How about another field
> in the manifest?

for various reasons -- chiefly simplicity -- I've decided to handle
this by a general path-attribute mechanism in an external file (also,
hooray, whitespace-delimited) called .mt-attrs. there's a description of
it here:

http://www.venge.net/monotone/docs/File-Attributes.html

-graydon
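
The manifest ambiguity discussed in the message above, as an added example that is not part of the original post and is not monotone's code. The line format (40 hex digits, two spaces, path) is assumed from the quoted line; the allow-list, function names and sample values are constructed for illustration.

```python
import re

# Manifest line format assumed from the quoted line above:
# 40 hex digits, two spaces, path, newline.
LINE = re.compile(r"([0-9a-f]{40})  (.+)")
# Conservative allow-list for one path component (this example's choice,
# not monotone's actual rule).
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9._+@,=-]+")

class UnsafePath(ValueError):
    pass

def check_path(raw: bytes) -> str:
    """Fail closed: accept only paths positively known to be safe."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as e:
        raise UnsafePath(f"non-ASCII byte 0x{raw[e.start]:02X}") from None
    for comp in text.split("/"):
        # fullmatch, not match with '$': '$' would accept a trailing "\n".
        if comp in ("", ".", "..") or not SAFE_COMPONENT.fullmatch(comp):
            raise UnsafePath(f"rejected component {comp!r}")
    return text

def write_manifest(entries, validate=True):
    lines = []
    for sha, raw in entries:
        name = check_path(raw) if validate else raw.decode("latin-1")
        lines.append(f"{sha}  {name}\n")
    return "".join(lines)

def parse_manifest(text):
    entries = {}
    for line in text.split("\n"):
        if line:
            m = LINE.fullmatch(line)
            if m is None:
                raise ValueError(f"malformed line {line!r}")
            entries[m.group(2)] = m.group(1)
    return entries

# Constructed sample: one file whose name embeds the quoted second line.
SHA = "1" * 40
HOSTILE = b"foo.c\nab87345ba98234b12692ab87345ba98234b12692  interloper.c"

def demo():
    naive = parse_manifest(write_manifest([(SHA, HOSTILE)], validate=False))
    return sorted(naive)  # one file written, two entries parsed

if __name__ == "__main__":
    print(demo())
```

With validation on, the same entry is refused at write time, so the hash is only ever computed over text that parses back to exactly the files that were written.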




