Loading ...
Sorry, an error occurred while loading the content.
 

Re: Postfix VCS repository

Expand Messages
  • Wietse Venema
    ... I ll be certain about the correctness a single instance, and avoid the complexities of correctness by majority vote after the fact. Wietse
    Message 1 of 8 , Oct 1, 2009
      Victor Duchovni:
      > On Thu, Oct 01, 2009 at 01:46:51PM -0400, Wietse Venema wrote:
      >
      > > Then we agree. A system that computes SHA1 without secret key
      > > provides no detection of after-the-fact changes.
      >
      > Except that the SHA-1 signature is just 20 bytes covering the entire
      > tree, and there are *many* trees (no single master), with some more
      > stable than others, the digests of the stable trees can be signed and/or
      > saved off-line. Tampering with prior history in a tree is hard, if
      > one wants to convince all the other tree copies that the the altered
      > tree is genuine. One can of course create new leaf nodes (patches),
      > but these are clearly visible as new revisions.
      >
      > So "git" is IIRC more tamper-evident than it seems at first glance,
      > provided that there are lots of trees (which is typically the case),
      > and developers notice that their tree is inconsistent with the previously
      > common history of a tree they are pulling from or pushing to.

      I'll be certain about the correctness a single instance, and avoid
      the complexities of 'correctness by majority vote' after the fact.

      Wietse
    Your message has been successfully submitted and would be delivered to recipients shortly.