Daniel Shahaf wrote:
> Neels J Hofmeyr wrote on Mon, 22 Feb 2010 at 18:37 +0100:
>> About SHA1 on the 1.6 server: the point really is that we need to
>> communicate those SHA1 checksums to the client and back. Those API
>
> Communicate to the client? Eh? If those are the same checksums that go
> into the rev file, I'd hope the server calculates them by itself and
> doesn't rely on the client reporting them. (otherwise it would allow
> malicious clients to corrupt the repository)
You're right, wasn't thinking straight. Got mixed up with verifying the
locally calculated checksum with the one from the server, which is of course
entirely independent from what the client goes on to do with the data.
~Neels
>
>> mechanisms will be updated by 1.7 (or will they?). (I'm not 100% certain but
>> that's how I understood the conversations so far. Please correct me if I'm
>> wrong.)
Received on 2010-02-23 22:44:23 CET