[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] cause of bad cert signatures and how to prevent the
From: |
Nathaniel Smith |
Subject: |
Re: [Monotone-devel] cause of bad cert signatures and how to prevent them? |
Date: |
Wed, 6 Jul 2005 22:17:29 -0700 |
User-agent: |
Mutt/1.5.9i |
On Thu, Jul 07, 2005 at 01:21:13AM +0200, Marcel van der Boom wrote:
> A monotone db got, somehow, certs on a revision which had bad
> signatures. This happened during a learning session where a person
> had probably mixed several keys.
>
> After him pushing, which apparently went well, the messages with
> "warning: ignoring bad signature on...." appeared.
>
> How come this revision was accepted with a bad signature?
Because monotone's philosophy is to defer trust checking to individual
users; so netsync just shuffles information around, so that people
will have the appropriate information available to make their own
decisions. So it doesn't check certs or do anything with trust.
> More important, how can this be prevented from ever happening again?
>
> I could not find another way to repair the database than:
[run db rebuild]
> Is there a better procedure for handling this?
How about, don't handle it at all? Some invalid certs don't hurt
anything; monotone will just ignore them. (I guess the warnings might
be a little annoying, though; I guess that's a bug in monotone.)
Overall, the trust stuff is not yet fully baked; I'm speaking in terms
of general principles because we haven't really worked out all the
details of how this should work :-). But there's nothing _bad_ about
having certs that monotone ignores; in the future that should be how
trust works...
-- Nathaniel
--
The Universe may / Be as large as they say
But it wouldn't be missed / If it didn't exist.
-- Piet Hein