
Re: [Monotone-devel] Query regarding internal consistency checking


From: Nico -telmich- Schottelius
Subject: Re: [Monotone-devel] Query regarding internal consistency checking
Date: Wed, 9 Jun 2004 13:31:40 +0200
User-agent: echo $message | gpg -e $sender -s | netcat mailhost 25

Nathaniel Smith [Wed, Jun 09, 2004 at 04:15:27AM -0700]:
> Suppose I discover that Bob is about to commit a version containing a
> changed file with version code 12345,

version code = abbreviated sha1-hash?

> but he hasn't committed it yet.
> (Say, because I saw the patch he sent to the list for review.)

So the database is untouched. Fine.

> Suppose I then connect to a netsync server and say "here's the file
> with version code 12345",

Whatever version code is...
You'll upload the file to the database with _your_ private key.

> and hand it a different file, one containing
> malicious code.

Then you'll be responsible for it.

> And then Bob actually gets around to doing his commit
> and pushing to the server, and the server doesn't actually ask for
> file version 12345,

I don't think a monotone server will ever ask someone for files.

> because it already has it.  And the server now has
> a manifest that Bob attests is good, containing file 12345.

Bob won't attest that.

> And now someone else syncs this into their database, and says "hey, a
> new version, and signed by Bob

not Bob, but you

> -- I trust him",

And I won't trust you :)

> checks out that
> version, compiles and runs it, and has something nasty happen to
> their system as a result.

Well, that can happen every time you use any software. It's a question
of who you trust and how much. Why do you trust MS Office? Does it not
send data to MS?

> My question: is this plausible?

To make it short: I don't think so.

Nico

-- 
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nerd-hosting.net | http://nico.schotteli.us
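
The scenario in this message turns on whether a receiver will store a file under an identifier that its content does not hash to. The sketch below is an added illustration, not monotone's code and not part of the original post: it assumes the identifier is the hex SHA-1 of the file content, and shows a receiver recomputing it on upload and again at checkout. `Store`, `receive`, `checkout` and the sample bytes are hypothetical.

```python
import hashlib

class IntegrityError(Exception):
    """Raised when content does not hash to the identifier it was offered under."""

def file_id(data: bytes) -> str:
    # Assumption: a file's identifier is the hex SHA-1 of its content.
    return hashlib.sha1(data).hexdigest()

class Store:
    """Toy content-addressed store standing in for a sync server's database."""
    def __init__(self):
        self._files = {}

    def receive(self, claimed_id: str, data: bytes) -> bool:
        """Accept data offered under claimed_id; return True if newly stored."""
        actual = file_id(data)
        if actual != claimed_id:
            # The sender's label is never trusted; the receiver recomputes it.
            raise IntegrityError(f"offered as {claimed_id}, hashes to {actual}")
        if claimed_id in self._files:
            return False  # already present, and known to match its id
        self._files[claimed_id] = data
        return True

    def checkout(self, manifest: dict) -> dict:
        """Return {path: data} for a manifest {path: id}, re-verifying each file."""
        out = {}
        for path, fid in manifest.items():
            data = self._files[fid]  # KeyError if the manifest names a missing file
            if file_id(data) != fid:
                raise IntegrityError(f"{path}: stored data does not match {fid}")
            out[path] = data
        return out

def demo():
    good = b"int main(void) { return 0; }\n"         # constructed sample data
    substituted = b"int main(void) { return 1; }\n"  # different content, same claimed id
    store = Store()
    rejected = False
    try:
        store.receive(file_id(good), substituted)
    except IntegrityError:
        rejected = True
    stored = store.receive(file_id(good), good)  # the genuine upload is accepted
    again = store.receive(file_id(good), good)   # a repeat upload is a no-op
    files = store.checkout({"main.c": file_id(good)})
    return rejected, stored, again, files["main.c"] == good
```

With this check in place, a signed manifest that names a file id can only ever resolve to content with that hash, whoever uploaded the bytes first.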
