No subject
Wed Mar 26 04:26:52 UTC 2008
> plain text format to be able to inspect the files and make sure that
> they have not been changed by a virus?

It is not necessary to have the repository contents in plain text to
do that -- all you need is to sign a trusted revision number with a
GnuPG key. You can then later verify the integrity of the repository.
The gpg Mercurial extension makes this (already easy) step even
easier: http://www.selenic.com/mercurial/wiki/index.cgi/GpgExtension

The point is that the revision number (the hexadecimal string printed
using, say, 'hg id') depends on *everything* in the repository. So it
is impossible for a virus to change any meta-data without also
disturbing the hash value.

You can therefore easily trust a repository given to you by a
stranger, as long as you verify the integrity (with 'hg verify') and
check that the revision of the repository is trusted.

If the tip-most revision is unknown to you, then you can always strip
the unknown revisions away using 'hg strip' and then start from a last
known good revision.

And please note that this property is not unique to Mercurial: all the
other modern revision control systems use the same technique to make
it easy to verify the integrity of a repository.

--
Martin Geisler
VIFF (Virtual Ideal Functionality Framework) brings easy and efficient
SMPC (Secure Multi-Party Computation) to Python. See: http://viff.dk/.
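
Added example (not part of the original message, and not Mercurial's own code): a simplified Python model of why the id printed by 'hg id' depends on everything in the repository. It uses Mercurial's node hash (SHA-1 over the sorted parent ids followed by the content); the manifest and changeset layouts, the function names and the sample history are assumptions constructed for illustration.

```python
import hashlib

NULLID = b"\0" * 20  # parent id used when a revision has no parent


def node_id(text: bytes, p1: bytes = NULLID, p2: bytes = NULLID) -> bytes:
    """Mercurial-style node id: SHA-1 over sorted parent ids, then the content."""
    lo, hi = sorted((p1, p2))
    return hashlib.sha1(lo + hi + text).digest()


def commit(files: dict, parent: bytes, message: str) -> bytes:
    """Hash files -> manifest -> changeset; return the changeset id.

    Simplified (assumed) layout: the manifest lists "name NUL file-id" per
    file, the changeset is the manifest id plus the message. Per-file history,
    user and date fields of the real formats are left out.
    """
    manifest = b"".join(
        name.encode() + b"\0" + node_id(data).hex().encode() + b"\n"
        for name, data in sorted(files.items())
    )
    changeset = node_id(manifest).hex().encode() + b"\n" + message.encode()
    return node_id(changeset, parent)


def tip_of(history) -> str:
    """Replay a list of (files, message) snapshots; return the tip id as hex."""
    parent = NULLID
    for files, message in history:
        parent = commit(files, parent, message)
    return parent.hex()


def tampered(index: int, name: str, data: bytes):
    """Copy of HISTORY with one file's content replaced in snapshot `index`."""
    copy = [(dict(files), msg) for files, msg in HISTORY]
    copy[index][0][name] = data
    return copy


# Constructed sample history: three commits, each a full snapshot of the tree.
HISTORY = [
    ({"README": b"hello\n"}, "initial import"),
    ({"README": b"hello\n", "build.sh": b"make all\n"}, "add build script"),
    ({"README": b"hello, world\n", "build.sh": b"make all\n"}, "update README"),
]
TRUSTED_TIP = tip_of(HISTORY)  # the value one would sign with GnuPG

if __name__ == "__main__":
    print("trusted tip:         ", TRUSTED_TIP)
    print("oldest commit edited:", tip_of(tampered(0, "README", b"hell0\n")))
```

Changing one byte in the oldest snapshot changes that commit's id, which is the parent input of the next commit, so the difference propagates to the tip and no longer matches the signed value.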