Tue Mar 25 23:26:52 CDT 2008
plain text format to be able to inspect the files and make sure that
they have not been changed by a virus?
It is not necessary to have the repository contents in plain text to
do that -- all you need is to sign a trusted revision number with a
GnuPG key. You can then later verify the integrity of the repository.
The gpg Mercurial extension makes this (already easy step) even
The point is that the revision number (the hexadecimal string printed
using, say, 'hg id') depends on *everything* in the repository. So it
is impossible for a virus to change any meta-data without also
disturbing the hash value.
You can therefore easily trust a repository given to you by a
stranger, as long as you verify the integrity (with 'hg verify') and
check that the revision of the repository is trusted.
If the tip-most revision is unknown to you, then you can always strip
the unknown revisions away using 'hg strip' and then start from a last
known good revision.
And please note that this property is not unique to Mercurial: all the
other modern revision control systems use the same technique to make
it easy to verify the integrity of a repository.
VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multi-Party Computation) to Python. See: http://viff.dk/.
More information about the Mercurial