--- Greg Hudson <ghudson@MIT.EDU> wrote:
> On Thu, 2003-12-11 at 11:18, John Pybus wrote:
> But, because we auto-merge directory operations, I think it would be
> impossible to sign directory operations (particularly deletions) in a
> way which is verifiable by other clients. In some cases you might be
> able to do damage by forging the deletion or movement of files, e.g.
> disabling security code which would otherwise be compiled in.
> So, it might be worthwhile to sign file contents, but for real
> protection against tampering we'd have to provide a way to disable the
> auto-merge feature so that you could sign whole directories before
> checkin.
how does automerge prevent adding "signed directory content hashes" as a directory property?
signed directory content hashes might be created using:
- directory properties
- hashes of all directory contents (just the top level, not recursive)
do you think signing of operations in an operations log would be necessary, or it is sufficient to
stick with "content signing", be it files, or directories?
__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Dec 11 19:13:09 2003