monotone-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trust in monotone (was Re: [Monotone-devel] newbie question - SHA1 v

From: K. Richard Pixley
Subject: Re: Trust in monotone (was Re: [Monotone-devel] newbie question - SHA1 vs serials)
Date: Tue, 19 Apr 2005 12:48:47 -0700
User-agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) 
Nathaniel Smith wrote:


Trust is also a rather serious problem with serials.  The case where I
have foo.bar.com and someone sends me 1:foo.bar.com isn't so bad; the
bad case is where I have foo.bar.com and someone else sends _you_
1:foo.bar.com, you have no way to tell whether it's valid or not, and
now when I tell you "hey, can you check out this bug I'm working on
in 1:foo.bar.com?", you may unknowingly check out and run the evil
person's code instead.  Hashes, you _always_ can communicate reliably.

This isn't really any worse than the user authentication problem, is it?
I mean, you need user authentication in order to accept/decline trust on a user basis. You need machine authentication in order to accept/decline trust on a machine basis, no? 

--rich
reply via email to
[Prev in Thread] Current Thread [Next in Thread]