Perl 6 - the future is here, just unevenly distributed

IRC log for #darcs, 2014-01-25

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:10 schlaftier joined #darcs
01:06 raichoo joined #darcs
01:14 gh_ joined #darcs
01:26 colDrMcBeardman joined #darcs
02:38 intripoon_ joined #darcs
03:37 lpsmith joined #darcs
03:46 dolio joined #darcs
04:06 amgarchIn9 joined #darcs
05:23 mizu_no_oto joined #darcs
07:31 lelit joined #darcs
09:33 raichoo joined #darcs
09:35 colDrMcBeardman joined #darcs
10:08 schlaftier joined #darcs
11:51 lelix joined #darcs
12:21 raichoo joined #darcs
12:34 mizu_no_oto joined #darcs
13:00 f-a joined #darcs
14:53 mizu_no_oto joined #darcs
15:34 f-a joined #darcs
16:05 mizu_no_oto joined #darcs
17:03 stulli joined #darcs
17:48 stulli joined #darcs
17:52 mizu_no_oto joined #darcs
18:18 mizu_no_oto joined #darcs
18:30 bernalex Heffalump: users doing a checkout of a repository should be able to verify the repository's integrity. I thought this was an obvious thing that all modern VCS handled.
18:44 rdesfo joined #darcs
19:03 amgarchIn9 joined #darcs
19:47 raichoo joined #darcs
20:03 whaletechno joined #darcs
20:14 stulli joined #darcs
20:20 mizu_no_oto joined #darcs
20:28 rdesfo left #darcs
21:07 stepkut joined #darcs
21:18 mekeor joined #darcs
21:39 raichoo joined #darcs
21:39 colDrMcBeardman joined #darcs
21:49 Heffalump bernalex: verify the integrity against what, though? Without some independent source of trust it doesn't add anything.
22:19 bernalex Heffalump: MitM attacks.
22:29 Heffalump bernalex: between the server and the client? You can't protect against those without some kind of external validation of the server's identity, e.g. a signed certificate. You'd get that kind of protection if you used https.
22:32 f-a mh, I wonder if there is a way to get an "hash" of a repo (and sign it with a private key)
22:33 Heffalump f-a: unfortunately there's no "small simple hash" to sign.
22:33 Heffalump which is where darcs genuinely does fall down compared to some other VCSes
22:36 f-a does other vcses have one?
22:37 mizu_no_oto joined #darcs
22:40 amgarchIn9 joined #darcs
22:47 Heffalump f-a: git has a hash for each commit, which incorporates the entire history of that line of development
22:47 Heffalump the problem with doing exactly that in darcs is that it would be invalidated by reordering two earlier patches in the history, even though that makes no semantic difference to a darcs repo
22:53 f-a ok, let's be brave and think around that:
22:54 f-a is there a
22:54 f-a someFunction :: Folder -> Hash
22:54 f-a because if there is you could, you know, set up a simple script, sign that thing, be happy
22:55 Heffalump what's Folder in this context?
22:56 Heffalump if it's just an OS directory, obviously you could write that, but I'm not sure what you'd run it on.
22:56 Heffalump If you normalised the _darcs folder including removing garbage from some of the internals, you could use that, but it'd still have the problem above
22:58 f-a folder is your darcs repo
22:58 f-a (including foler/_darcs)
22:59 Heffalump ok, so there's a lot of information in there you might not want in the hash, like unrecorded changes including build products, and other junk in _darcs. None of which is downloaded by darcs get.
22:59 f-a (or if you so wish *excluding* _darcs)
22:59 f-a then exclude *darcs*
22:59 Heffalump I think you can actually extract a hash directly from _darcs/inventory
22:59 f-a * _darcs, I meant
23:00 Heffalump so the only issue with that is the patch ordering one from above. Also, darcs doesn't have a cheap operation for looking up a given hash in the history of a given repository.
23:00 f-a ok
23:00 f-a for a second imagine:
23:00 f-a rm _darcs
23:00 f-a (hash function)
23:00 f-a (sign)
23:00 f-a will that do for you?
23:01 Heffalump it'll include unrecorded changes in the working directory, and it'll exclude the patch history that got you to that point. So I don't think it'd be great, but it might suit some needs.
23:05 f-a you'd have unrecorded changes problem with, say, git, too, right?
23:06 Heffalump git has identifiers for commits
23:06 Heffalump so if you signed that you'd be signing just a recorded repository state
23:07 f-a what about the uncommitted changes?
23:08 Heffalump if you're doing a remote fetch of the repo you won't get those changes, so you don't want them in the hash anyway
23:16 gh_ joined #darcs
23:24 stulli joined #darcs
23:38 schlaftier joined #darcs

| Channels | #darcs index | Today | | Search | Google Search | Plain-Text | summary