[Monotone-devel] Re: How will policy branches work?

[Bruce Stephens]

Markus Schiltknecht <address@hidden> writes:

> Bruce Stephens wrote:
>> That strikes me as impractical.  How can I merge two revisions if I
>> can't see some of the changed files?
>
> You should be able to merge, as long as the revisions you are trying
> to merge both point to the same revid for all invisible or disallowed
> files. Otherwise, you can't possibly merge, since you are not allowed
> to have access to the files which need to be merged.
>
>> If my local repository contains
>> the files, how convincing is it that I'm prevented access to them in
>> some sense?
>
> Huh? To cover these scenarios, your local repository shouldn't contain
> any file you are not allowed to see. Meaning, this is something which
> needs to be handled during netsync. Everything else wouldn't solve the
> problem at hand, IMO.

Hmm.  So the manifest has a hash that points to something that says I
don't have permission to it (rather than to the text itself).  I guess
I can imagine that working.

A possible alternative that occurred to me is to have some things
encrypted, but that feels just horribly complicated.  (Arguably you'd
want every blob to be encrypted separately, so you could control
access to any of them in an arbitrary way.)

I still think it's likely to be more work than it's worth.  People
commonly distribute such files separately, so putting them in a
different branch (which can be controlled separately) feels reasonable
to me.

[...]