Re: [Monotone-devel] Re: Monotone Security

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: Monotone Security

From:	Brian May
Subject:	Re: [Monotone-devel] Re: Monotone Security
Date:	Mon, 20 Oct 2008 13:36:02 +1100
User-agent:	Thunderbird 2.0.0.17 (X11/20080925)

William Uther wrote:

Now let's imagine that Bob merges all heads in his database, butwithout fully checking Charlie's change. At this point, Bob signs thenewly merged revision.

This is where you need a distributed system for sending trust data (asdiscussed here as "policy branches"), so if Alice doesn't trust Charlie,Bob won't trust Charlie either.

Also, if Bob signs a merge, then he is essentially saying he trustsboth versions, IMHO (although maybe this is questionable because the UImakes merges without reviewing the changes so easy). Then it shouldn'tmatter if Alice sees the merge result.


Brian May

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] Re: Monotone Security, William Uther, 2008/10/19
- Re: [Monotone-devel] Re: Monotone Security, Brian May <=
  - Re: [Monotone-devel] Re: Monotone Security, William Uther, 2008/10/19

Prev by Date: Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
Next by Date: Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
Previous by thread: [Monotone-devel] Re: Monotone Security
Next by thread: Re: [Monotone-devel] Re: Monotone Security
Index(es):
- Date
- Thread