|
From: | K. Richard Pixley |
Subject: | Re: [Monotone-devel] newbie question - SHA1 vs serials |
Date: | Tue, 19 Apr 2005 08:41:32 -0700 |
User-agent: | Mozilla Thunderbird 1.0.2 (Macintosh/20050317) |
Jon Bright wrote:
K. Richard Pixley wrote:On second thought, I think you have a good point. Two other possibilities come to mind for a total of three. 1) There's a loop in our delta distribution mechanism. This should already be covered by current logic. If you're sent the same delta twice, what happens? I haven't checked, but my guess is that we're comparing lists of available delta id's anyway so this wouldn't happen. 2) If you already have a 1:foo.bar.com, you're not going to accept another. 3) If the incoming revision is, oh, say, 43762:foo.bar.com, and you haven't generated numbers that high yet, then you're right, we don't have any way to recognize that this wasn't us. Conclusion: using serial:repostory-name would probably require some level of security on a repository basis. Instead of simply accepting all revisions from a particular repository, we may need to list allowable repositories and/or make some attempt to verify that a respository with whom we are communicating really is the repository we think it is. This might be done by chasing known IP addresses. It might be done using a per-machine hash akin to the ones ssh uses in an attempt to flush out man-in-the-middle attacks. It might be done by using TLS with certificates, (another delegated central authority), as our transmission mechanism. In general, this is probably a good thing in the long run as it allows repository administrators, (ie, developers), the ability to fine tune and restrict which data they accept from whom. --rich |
[Prev in Thread] | Current Thread | [Next in Thread] |