monotone-devel

[Monotone-devel] Re: Monotone server


From: Lapo Luchini
Subject: [Monotone-devel] Re: Monotone server
Date: Thu, 09 Oct 2008 18:20:48 +0200
User-agent: Thunderbird 2.0.0.17 (X11/20080929)

Daniel Carrera wrote:
> Thanks for the links. It looks like Mercurial is like git: one can use
> gpg to sign a revision (and implicitly, its history). In which way are
> signatures more pervasive in monotone?

Every single commit is digitally signed, and the signature and trust of
each key is checked every time: a revision signed by an untrusted key
will not even appear to exist.

Signing a specific version implicitly certifies all the previous
history, but only as far as the person signing is *aware* of every
single past change; OTOH having a signature on each and every single
commit can immediately lead to the "offender" in case of problems.

(ok, mtn doesn't sign revisions but only certs: metadata about
revisions, but since every revision has 3 certs by default, every
revision is usually at least triple-signed by every committer)

(yes, the same revision can have multiple committers, if they did change
exactly the same bytes of the same files, they produced the same
revision; this happens most often on "clean merges" or if both applied a
third-party patch)

> So, when I run 'mtn commit' Monotone is not signing anything? I couldn't
> find a sign command for Monotone so I assumed that every commit was signed.

It's signing certs of this general form:
(revision hash, cert name, cert value)

I think "mtn commit" by default signs a "branch" cert, a "date" cert, an
"author" cert and optionally a "changelog" cert.
Since the "revision hash" is cryptographically strong itself, the
revision is indirectly "certified" as well, even though not "directly
signed".

> Intrusion is a very rare event and if I have to
> jot down a hash every day (I upload every day) I might keep it up for a
> month or two and then I'll stop doing it.

That's why I think it's good for a tool to be a little slower, but
always do all the *proper* checks on data. =)

> I don't know if any RCS has this feature, but I would really like to be
> informed if something has changed. If the server is compromised, I want
> to hear about it.

If any (relevant) bit of your storage flipped or (even worse) if someone
tampered with your repository, monotone will complain very loudly on the next
checkout or commit, and probably also on every update.

-- 
Lapo Luchini - http://lapo.it/

“You don't have to distrust the government to want to use cryptography.”
(Phil Zimmermann)
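
The model described in this message, as an added example that is not part of the original post and is not monotone's code: certs are signed (revision hash, cert name, cert value) triples, and a revision is listed only when a trusted key signed its branch cert and its stored bytes still hash to its id. HMAC-SHA256 with constructed keys stands in for public-key signatures, SHA-256 is the example's choice of hash, and every name here (`KEYS`, `TRUSTED`, `visible_revisions`, the sample branch) is hypothetical.

```python
import hashlib
import hmac

# Constructed keys. HMAC-SHA256 stands in for public-key signatures so the
# example needs only the standard library; with real signatures the
# verifier would hold public keys only.
KEYS = {"alice@example.org": b"alice-secret", "mallory@example.org": b"mallory-secret"}
TRUSTED = {"alice@example.org"}  # hypothetical trust policy

def revision_id(text: bytes) -> str:
    """Name a revision by the hash of its content (SHA-256 is this example's choice)."""
    return hashlib.sha256(text).hexdigest()

def _sig(rev, name, value, signer):
    msg = "\0".join((rev, name, value)).encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()

def sign_cert(rev, name, value, signer):
    """Build a signed (revision hash, cert name, cert value) triple."""
    return {"rev": rev, "name": name, "value": value, "signer": signer,
            "sig": _sig(rev, name, value, signer)}

def cert_ok(cert):
    """A cert counts only if its signer is trusted and the signature verifies."""
    if cert["signer"] not in TRUSTED:
        return False
    expected = _sig(cert["rev"], cert["name"], cert["value"], cert["signer"])
    return hmac.compare_digest(expected, cert["sig"])

def visible_revisions(store, certs, branch):
    """Revisions whose bytes still hash to their id and that have a valid branch cert."""
    found = []
    for rev, text in store.items():
        if revision_id(text) != rev:
            continue  # stored bytes changed: the id no longer matches
        if any(c["rev"] == rev and c["name"] == "branch" and c["value"] == branch
               and cert_ok(c) for c in certs):
            found.append(rev)
    return sorted(found)

def demo():
    good, other = b"hello v1\n", b"hello v2\n"  # constructed revision contents
    g, o = revision_id(good), revision_id(other)
    store = {g: good, o: other}
    certs = [sign_cert(g, n, v, "alice@example.org") for n, v in
             (("branch", "example.project"), ("date", "2008-10-09"), ("author", "alice"))]
    certs.append(sign_cert(o, "branch", "example.project", "mallory@example.org"))
    before = visible_revisions(store, certs, "example.project")
    store[g] = good + b"tampered"  # simulate altered stored bytes
    after = visible_revisions(store, certs, "example.project")
    return g, before, after
```

`demo()` returns the trusted revision's id, the listing before tampering (only that revision, since the other is certified by an untrusted key) and the listing after its stored bytes are changed (empty).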




