[MERGE REVIEW] Tweaks to bundle merging

John Arbash Meinel john at arbash-meinel.com
Thu Jun 15 18:38:22 BST 2006 

Matthew D. Fuller wrote:
> On Thu, Jun 15, 2006 at 03:27:50PM +1000 I heard the voice of
> Michael Ellerman, and lo! it spake thus:
>> Or always encode it, and have the patch there purely for human
>> consumption.
> 
> This is my thought.
> 
> We've already got all the other patches base64'd, just have ALL of
> them base64'd, with a "cumulative" at the top for the human-readable
> part of it (and/or for a best-effort sort of 'patch' fallback if
> necessary).
> 
> 

Part of the problem is that we want to make sure the thing a human
reviews is the thing we commit to their tree.
Otherwise it is far to easy to sneak in a rootkit in the base64 encoded
patches.

So we have some real opposing constraints here. Hide too little, and
things look ugly, hard to review, and potentially munged. Hide too much,
and you aren't safe to just apply the patch after reviewing it. You have
to do the merge, and then review that.
But if you have to do that anyway, why send any text that is human readable?

My current favorite would be to just base64 encode the compressed knit
entries at the bottom, which makes 'apply' very fast. And then use a
verification step that makes sure the final output matches the expected
diff. If we did that, you could change the final check so that it can
ignore whitespace changes.

But realize that with stuff like python source code, you could easily
hide a rootkit in a leading whitespace change. Or a tab instead of space
characters, etc.

I wasn't sure about just relying on a verification step, but as long as
the person who is doing the merge has their (semi-)trusted code doing
the verification it seems okay.

And then we could support 'bzr merge ../bundle --ignore-verification' to
handle email munged texts. The user is advised to review the final diff,
however.

John
=:->



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060615/2ea56fdd/attachment.pgp

More information about the bazaar mailing list