Having more than three phases (was RFC: Phase UI (revset, phase command and others))

David Pierre-Yves marmoute at gmail.com
Sat Jan 7 11:05:52 CST 2012


On 3 janv. 12, at 11:55, Laurens Holst wrote:

> Op 03-01-12 10:38, Pierre-Yves David schreef:
>> On Thu, Dec 29, 2011 at 01:22:51PM -0600, Matt Mackall wrote:
>>> Not really sure why this is necessary. After all, we only share  
>>> public and draft, so only the public/draft boundary every needs to  
>>> be exposed remotely.
>> Exchanging secret boundary are actually useful to detect secret  
>> changeset that
>> exist elsewhere. The current behavior when such (not so) secret  
>> changeset are
>> detect is to set them in draft phase (at least).
>
> I think the secret boundary should not be exchanged. By sharing you  
> do give away some information, that at that point in time a  
> changeset with that ID existed. Secret should mean secret, and you  
> shouldn’t share this kind of information.

Secret changeset are not indiscoverable secret in many ways. For  
example you can pull them anyway if you explicitly  ask the server for  
them. The secret phase is more a safety to prevent unexpected pushing/ 
pull some changeset, relying on them to keep stuff undisclosed is  
wrong assumption and the name is probably bad then.

> E.g. say I made something during company time, but wanted to keep it  
> secret so I can push it when I’m at home and (technically) keep the  
> copyrights on it. If my boss can then prove I made the changeset  
> during work hours by showing server logs that contain the changeset  
> ID, they’ve got a pretty strong case.
>
> I’ve seen people publicly blogging changeset IDs to prove that a  
> change was made without disclosing the contents of the changeset (to  
> defend against possible patent claims with prior art), so this kind  
> of use is not unrealistic.

Allowing people to cheat theier boss while using a single mercurial  
clone is really not in my requirement list for this feature. And I'll  
not bend to death the way phases concept is implemented just to  
fullfil it.


To bikeshred your example:
(1) The initial assumption that you will keep the copyright but  
pushing it from home is wrong in many country.
(2) The fact that the hash show up in your bosses log does *not* mean  
it was created during work hour


-- 
Pierre-Yves David


More information about the Mercurial-devel mailing list