monotone-devel

Re: [Monotone-devel] newbie question - SHA1 vs serials


From: K. Richard Pixley
Subject: Re: [Monotone-devel] newbie question - SHA1 vs serials
Date: Tue, 19 Apr 2005 08:41:32 -0700
User-agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317)

Jon Bright wrote:
> K. Richard Pixley wrote:
>
>> You do nothing.  It's up to the administrator of bar.com to resolve this collision.  Only one of you is actually authorized to use this name.  Repository name doesn't necessarily change with IP or domain name change.
>
> OK, but let's say I'm foo.bar.com, I'm syncing with someone and suddenly a revision appears which is named 1:foo.bar.com - but it's not from me..?

On second thought, I think you have a good point.  Two other possibilities come to mind for a total of three.

1) There's a loop in our delta distribution mechanism.  This should already be covered by current logic.  If you're sent the same delta twice, what happens?  I haven't checked, but my guess is that we're comparing lists of available delta IDs anyway so this wouldn't happen.

2) If you already have a 1:foo.bar.com, you're not going to accept another.

3) If the incoming revision is, oh, say, 43762:foo.bar.com, and you haven't generated numbers that high yet, then you're right, we don't have any way to recognize that this wasn't us.

Conclusion: using serial:repository-name would probably require some level of security on a repository basis.  Instead of simply accepting all revisions from a particular repository, we may need to list allowable repositories and/or make some attempt to verify that a repository with whom we are communicating really is the repository we think it is.  This might be done by chasing known IP addresses.  It might be done using a per-machine hash akin to the ones ssh uses in an attempt to flush out man-in-the-middle attacks.  It might be done by using TLS with certificates (another delegated central authority) as our transmission mechanism.

In general, this is probably a good thing in the long run as it allows repository administrators (i.e., developers) the ability to fine tune and restrict which data they accept from whom.

--rich
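
The checks proposed in the conclusion above, as an added example that is not part of the original message or of monotone's code: a list of allowable repositories, an ssh-style pinned key fingerprint per repository, and refusal of a second copy of an id already held. The `RevisionGate` class, its method names, and the sample names and key bytes are hypothetical, and the transport is assumed to have already proven that the peer holds the private key it presents.

```python
import hashlib
import hmac


class RevisionGate:
    """Accept 'serial:repo-name' revision ids only from listed, pinned peers."""

    def __init__(self, allowed_repos):
        self.allowed = set(allowed_repos)  # repositories we take revisions from
        self.pins = {}                     # repo name -> pinned key fingerprint
        self.have = set()                  # revision ids already in our store

    def verify_peer(self, peer, public_key):
        """ssh-style check: pin the key on first contact, compare afterwards.
        Assumption: the transport already proved possession of the private key."""
        if peer not in self.allowed:
            return False
        fp = hashlib.sha256(public_key).hexdigest()
        pinned = self.pins.setdefault(peer, fp)  # first contact pins fp
        return hmac.compare_digest(pinned, fp)

    def offer(self, rev_id, peer, public_key):
        """Return 'accepted', 'duplicate' or 'rejected: <reason>'."""
        serial, sep, origin = rev_id.partition(":")
        if not (sep and serial.isascii() and serial.isdigit() and origin):
            return "rejected: malformed id"
        if not self.verify_peer(peer, public_key):
            return "rejected: peer not listed or key changed"
        if rev_id in self.have:
            return "duplicate"  # possibilities 1 and 2: never store a second copy
        if origin not in self.allowed:
            return "rejected: origin not listed"  # includes our own name
        self.have.add(rev_id)
        return "accepted"


def demo():
    # Constructed sample data: we play foo.bar.com and list one remote repository.
    gate = RevisionGate(allowed_repos={"baz.bar.com"})
    key, other = b"constructed-key-1", b"constructed-key-2"
    return [
        gate.offer("1:baz.bar.com", "baz.bar.com", key),      # first contact
        gate.offer("1:baz.bar.com", "baz.bar.com", key),      # same id again
        gate.offer("2:baz.bar.com", "baz.bar.com", other),    # key changed
        gate.offer("43762:foo.bar.com", "baz.bar.com", key),  # carries our name
        gate.offer("7:baz.bar.com", "unknown.example", key),  # unlisted peer
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the local repository's own name is never on its list of remote origins, a revision such as 43762:foo.bar.com arriving from a peer is refused unless it is already in the local store.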
