Having more than three phases (was RFC: Phase UI (revset, phase command and others))

Jason Harris jason at jasonfharris.com
Sun Jan 8 12:56:03 CST 2012


On Jan 8, 2012, at 2:51 PM, Pierre-Yves David wrote:

> On Sun, Jan 08, 2012 at 11:59:43AM +0100, Laurens Holst wrote:
>> Op 7-1-2012 18:05, David Pierre-Yves schreef:
>>> 
>>> Secret changeset are not indiscoverable secret in many ways. For
>>> example you can pull them anyway if you explicitly  ask the server
>>> for them. The secret phase is more a safety to prevent unexpected
>>> pushing/pull some changeset, relying on them to keep stuff
>>> undisclosed is wrong assumption and the name is probably bad then.
>> 
>> But the cryptographic nature of changeset IDs prevents this from
>> exposing information about the existence of these changeset IDs.
> 
> I do not understand what you mean there
> 
>> Of course it is true that it’s not really great that if you somehow
>> retrieved the changeset ID, you are able to retrieve the whole
>> changeset. So if you’d ask me this shouldn’t be possible either
>> (what’s the use case for allowing it?).
>> 
>> Why is this a wrong assumption, why wouldn’t we guarantee that
>> secret changesets are actually that, secret? I think that would be a
>> great and very useful property.
> 
> The current mercurial code base work that way. The implementation of "secret
> changeset" so far does no do anything else that pruning them from discovery
> mechanisme.

So again I think the name "secret" is then bad. Laurens has taken the command
at it's face value, (as I would) and then is rightly complaining that something secret
is not actually "secret". Better names might be:

private / draft / public

private / draft / complete

unshared / draft / complete

etc. But unless secret is actually, well secret, then it's likely not such a good name.

(BTW thanks for going through all this work! )

> Enforcing really secret changeset is much more work. Being certain it is
> perflecty secure is an utopia.
> 
> As code do not wrote himself over night the current behavior is likely to stay
> as is. Except if someone really what such guarantee to exists so much that he
> wrote code that implement them.
> 
> On the other hand people can just use separated clone to keep your private stuff
> unexposed and secure.

Cheers,
  Jas


More information about the Mercurial-devel mailing list