Changesets feature complete
John Arbash Meinel
john at arbash-meinel.com
Thu May 25 19:22:49 BST 2006
Aaron Bentley wrote:
> Aaron Bentley wrote:
>>> If you sign a changeset containing your own revisions, that's the same
>>> as signing the revisions themselves. If you sign
>
> To complete that thought:
>
> If you sign a changeset, I think you're asserting that the revisions in
> it are authentic. If they're your own revisions, it's equivalent to
> signing your own revisions. If they're someone else's revisions, it's
> equivalent to signing someone else's revisions.
There is another thing that signing the whole changeset gets you. You
can run one pass over it, and verify that the changeset itself is valid
before you do any more work.
>
> I'm not sure whether you're supposed to be able to sign someone else's
> revisions, but I think either way, it's not clear that signing the
> changeset contributes new information. And I'm not at all certain that
> it makes sense to do the signing all at once.
>
> I suppose one thing that signing the changeset would provide would be
> evidence that the changeset itself is not maliciously written (as with
> ActiveX browser plugins). But changesets aren't supposed to be
> dangerous anyway - it's not like they're an executable format - so
> that's a very limited advantage.
>
> Aaron
Well, they could exploit bugs in the processor (hopefully there will be
few). It also makes it easier if you wanted to do the darcs thing of
writing a line in your .procmailrc to automatically apply changesets
that are sent to a particular email address.

It also handles the case where I have merged Aaron, but he didn't sign
any of his changes. I don't want to sign each one individually, but
because they are part of history, they need to be included in the changeset.

The biggest thing in my mind is that you can do one pass over everything
and just make sure that the text you are about to parse was sent by
somebody who has access to keys that you trust.
John
=:->
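
The verify-before-parse ordering discussed in this message, as an added example that is not part of the original thread and is not Bazaar code. It assumes HMAC-SHA256 as a stand-in for a detached OpenPGP signature; the line format, key store, and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed trust store: key id -> secret. Stand-in for an OpenPGP keyring;
# HMAC-SHA256 stands in for a detached OpenPGP signature over the changeset.
TRUSTED_KEYS = {"john": b"constructed-demo-key-john"}
PARSER_CALLS = []  # records every input the parser was actually handed


def sign_changeset(key_id, raw):
    """Return (key_id, tag); the tag covers every byte of the changeset."""
    return key_id, hmac.new(TRUSTED_KEYS[key_id], raw, hashlib.sha256).digest()


def parse_changeset(raw):
    """Hypothetical parser: one 'revision: <id> <signed|unsigned>' per line."""
    PARSER_CALLS.append(raw)
    revisions = []
    for line in raw.decode("utf-8").splitlines():
        if line.startswith("revision: "):
            rev_id, state = line[len("revision: "):].split()
            revisions.append((rev_id, state))
    return revisions


def verify_then_parse(raw, key_id, tag):
    """One pass over the raw bytes; the parser runs only if the tag verifies."""
    key = TRUSTED_KEYS.get(key_id)
    if key is None:
        raise ValueError("signer is not in the trusted key set")
    expected = hmac.new(key, raw, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("changeset signature does not verify")
    return parse_changeset(raw)


# Constructed sample: a changeset carrying a merged revision its author never signed.
SAMPLE = b"revision: john-1 signed\nrevision: aaron-7 unsigned\n"

if __name__ == "__main__":
    kid, tag = sign_changeset("john", SAMPLE)
    print(verify_then_parse(SAMPLE, kid, tag))
```

The outer tag covers the unsigned merged revision along with everything else, and a changeset that fails verification is rejected without the parser ever reading it.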