monotone-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Query regarding internal consistency checking

From: Nathaniel Smith
Subject: Re: [Monotone-devel] Query regarding internal consistency checking
Date: Wed, 9 Jun 2004 04:43:40 -0700
User-agent: Mutt/1.5.6i 
On Wed, Jun 09, 2004 at 01:31:40PM +0200, Nico -telmich- Schottelius wrote:
> Nathaniel Smith [Wed, Jun 09, 2004 at 04:15:27AM -0700]:
> > Suppose I discover that Bob is about to commit a version containing a
> > changed file with version code 12345,
> 
> version code = abreviated sha1-hash?

Yes.

> > but he hasn't committed it yet.
> > (Say, because I say the patch he sent to the list for review.)
> 
> So the database is untouched. Fine.
> 
> > Suppose I then connect to a netsync server and say "here's the file
> > with version code 12345",
> 
> Whatever version code is...
> You'll upload the file to the database with _your_ private key.

I'll have to login to the netsync server with my key, but the file is
just a chunk of data, the server doesn't store any identifying
information with it.  Depending on how much the server logs, it might
be possible to go back and see who logged into the server an inserted
this file, but I'm guessing the server doesn't normally log at
anything like that detail.

> > and hand it a different file, one containing
> > malicious code.
> 
> Than you'll be responsable for it.

Nope.

> > And then Bob actually gets around to doing his commit
> > and pushing to the server, and the server doesn't actually ask for
> > file version 12345,
> 
> I don't think a monotone server will ever ask someone for files.

Of course it will; how else is it supposed to get a copy?

> > because it already has it.  And the server now has
> > a manifest that Bob attests is good, containing file 12345.
> 
> Bob won't attest that.

Sure he will.  He knows what 12345 looks like, and it really is a good
version.  He doesn't know that I'm going to lie to the server and
trick it into thinking that 12345 is something else.

> > And now someone else syncs this into their database, and says "hey, a
> > new version, and signed by Bob
> 
> not Bob, but you

Nope.  I never sent any certificates, just data, there's no record in
the database at all that says I had anything to do with things.

> > -- I trust him",
> 
> And I won't trust you :)

Doesn't help you, because you have no way to know 

> > checks out that
> > version, compiles and runs it, and has something nasty happen to
> > their system as a result.
> 
> Well that can happen everytime you use any software. It's a question
> who do you trust how much. Why do you trust MS Office? Does it not
> send data to MS?
> 
> > My question: is this plausible?
> 
> To make it short: I don't think so.
> 
> Nico
> 
> -- 
> Keep it simple & stupid, use what's available.
> Please use pgp encryption: 8D0E 27A4 is my id.
> http://nerd-hosting.net | http://nico.schotteli.us



> _______________________________________________
> Monotone-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/monotone-devel

-- Nathaniel

-- 
"Lull'd in the countless chambers of the brain,
Our thoughts are link'd by many a hidden chain:
Awake but one, and lo! what myriads rise!
Each stamps its image as the other flies"
  -- Ann Ward Radcliffe, The Mysteries of Udolpho
reply via email to
[Prev in Thread] Current Thread [Next in Thread]