|
From: | K. Richard Pixley |
Subject: | Re: [Monotone-devel] newbie question - SHA1 vs serials |
Date: | Tue, 19 Apr 2005 09:50:57 -0700 |
User-agent: | Mozilla Thunderbird 1.0.2 (Macintosh/20050317) |
Richard Levitte - VMS Whacker wrote:
In other messages, I've agreed that some form of repository authentication would solve the problem. Long term, I think this sort of feature would be very useful in monotone, even aside from the issue of man-in-the-middle and imposter attacks.In message <address@hidden> on Tue, 19 Apr 2005 08:08:47 -0700, "K. Richard Pixley" <address@hidden> said: rich> > 3. I have machine foo.bar.com - what to do about some rich> > unpleasant person who decides to incorrectly name their rich> > machine foo.bar.com too? (There are a number of rich> > workarounds for this, each with advantages and rich> > disadvantages)rich> rich> You do nothing. It's up to the administrator of bar.com torich> resolve this collision. The point is, what happens in the mean time?
As I read the manual, (the sum of my monotone experience), monotone is currently vulnerable to these problems already. And finding a means of addressing it would seem to be a welcome addition in any case.
I can imagine it without any difficulty, yes. It'll give most developers I've ever supported headaches and nightmares and would likely be the biggest barrier to adoption. Monotone does have some very nice architectural features, though, especially when compared with other current free software offerings.You have seen what history can look like with the multi-head model monotone uses, have you?
So far I haven't heard any serious problems with serials. What problem are you thinking of?There were a few problems (at least one being very serious) with serials. Those problems just aren't with SHA-1s. I let that speak for itself.
--rich
[Prev in Thread] | Current Thread | [Next in Thread] |