Re: [Monotone-devel] forbid: a (nicer?) alternative to obliterate

[Paul Crowley]

Lapo Luchini wrote:
> Once policies are here, instead of a "forbidden contents table" it could
> certainly be useful (better?) to have a sort of "CRL" for VERSIONs
> (only, instead of a "certificate revocation list" it would be a "content
> removal list") signed by the very same people that have signed the
> policy. After all people can't (and shouldn't) be able to delete your
> local content (and you can do read-only backups anyway, if you want, so
> that's really pointless) but if you want to work on a project you should
> probably accept his policies, including not getting 'em in trouble
> because you're committing a new revision containing old forbidden
> content with only a whitespace change (you can do that anyway, of
> course, but having to accept the CRL as part of the policy itself
> doesn't seem too much controversial to me).

Local forbid sounds to me like a good idea we can introduce right away.

Policy obliteration is going to be needed one day for sure, but it 
scares the crap out of me and I would like to wait until the policy 
stuff is very mature before even starting to work on the details.  It 
violates two key Monotone assumptions:

* a bug has limited power to do damage because there's always a copy 
somewhere else

* it doesn't matter what order messages arrive in, the final state of 
the database is the same.

What if the same file turns up in two projects, and one forbids it?

We're also going to want "k-of-n" certification (two people have to sign 
this) on a feature like this.  Let's put off really insanely hard stuff 
like policy obliteration until we can get the simplest aspects of policy 
sorted out.
--
  __
\/ o\ Paul Crowley, address@hidden
/\__/ http://www.ciphergoth.org/