# # patch "ChangeLog" # from [38099db924c0943fae7d5896fc743c8eed8e15e9] # to [7039b53ab4bb5bb7e95a89965bf60bc1554d1053] # # patch "tests/t_vcheck.at" # from [247f296fb06b33fb2609231c983517384b50a437] # to [8656291fbb8e643e82f3bfb8ffa5616346388cb6] # --- ChangeLog +++ ChangeLog @@ -1,3 +1,7 @@ +2005-04-14 Nathaniel Smith + + * tests/t_vcheck.at: Update notes. + 2005-04-14 Jeremy Cowgar * monotone.texi (Making Changes): Fixed duplicate paragraph --- tests/t_vcheck.at +++ tests/t_vcheck.at @@ -19,10 +19,9 @@ # The original 'vcheck' was ripped out when manifest and file certs # were removed, and never quite did the right thing anyway. (It only # applied to manifests, in particular.) It may be useful to reference -# the code, though: see, say, -# 727d28b35f1fcbc91c0183fca2a6cabbe7cf21d7, or t:monotone-0.16. In -# particular, mac.hh should be useful. Note also the section -# "Accidental collision" in monotone.texi. +# the code, though: see t:monotone-0.16. In particular, mac.hh should +# be useful. Note also the section "Accidental collision" in +# monotone.texi. # There are a few ways to re-add this. The simplest is probably to # have a cert on revisions that contains @@ -36,6 +35,18 @@ # This reduces space overhead, too, since certs's space usage adds up, # and does so for project members who aren't worried about SHA1 # collisions too... +# +# an alternative approach would be to contain: +# - a salt/nonce +# - a MAC of (length-prefixed revision) + (length prefixed manifest) +# + (length prefixed versions of each file in the manifest, in manifest order) +# this is small, and just as safe. it is rather expensive to create +# or check, though, since you have to load all that data, so maybe the +# optimization above where you only hash mentioned files would be +# good. OTOH, if you hash everything, then you can use them +# sparingly, and be sure that the versions so certed really are safe; +# if you only hash some pieces, you have to cert your entire history +# in order to "trust" any one snapshot at all. AT_CHECK(false)