On Mon, Sep 24, 2007 at 07:24:51PM +0200, Ralf S. Engelschall wrote:
We're now addressing the problem "How can we ensure that a
revision is
not stored into the database at all in case an ACL hook determines
that
one of its certificates break an ACL rule?" the following way:
By the way -- have you considered simply dropping illegal certs?
This would permit a *much* simpler implementation, but I don't know
if it would satisfy your requirements. It would of course allow
"illegal" files/revisions to take up space in your database, but
monotone will never actually *do* anything with a revision unless a
cert tells it to (or a user explicitly requests it, like with -r <full
rev id>). If any such "ghost revisions" do accumulate, you can
garbage collect them by periodically doing a pull into a fresh
database, and then replacing your old database with the freshly-pulled
one.