Re: [Monotone-devel] Re: speed of "mtn ls branches"

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: speed of "mtn ls branches"

From:	William Uther
Subject:	Re: [Monotone-devel] Re: speed of "mtn ls branches"
Date:	Sat, 19 Jan 2008 23:47:58 +1100


On 19/01/2008, at 3:04 AM, Zack Weinberg wrote:


On Jan 18, 2008 5:38 AM, Lapo Luchini <address@hidden> wrote:

We should maybe trade in some "security" with speed, e.g.mantaining a
DB table with a "cache of valid and not suspended branches".


I'm seriously wondering whether we oughtn't to cache validity for
*all* certs in the local database.  Or perhaps go even further and
refuse to store "bogus" certs at all.

Pro: would speed up just about everything.
Con: we lose protection against database corruption and possibly
against local attacks (anyone who can do "mtn db execute" can bork a
certificate - I actually used this in a test case recently).

Perhaps there is a middle ground, where we continue to do the
checksum, but not the digital signature validation, except when we
first hear about a cert.


I believe part of the reason we don't cache 'validity' is that it
actually means two things in the current system:
  i) The signature matches, and
  ii) The lua hook says that we want to trust that person.

We could certainly cache the first.  I think we could also cache the
second if we were careful about invalidating the cache when the lua
hooks change.

Cheers,

Will       :-}

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Monotone-devel] speed of "mtn ls branches", (continued)

Prev by Date: Re: [Monotone-devel] ikiwiki monotone support
Next by Date: Re: [Monotone-devel] ikiwiki monotone support
Previous by thread: Re: [Monotone-devel] speed of "mtn ls branches"
Next by thread: Re: [Monotone-devel] speed of "mtn ls branches"
Index(es):
- Date
- Thread