[MERGE REVIEW] Tweaks to bundle merging
John Arbash Meinel
john at arbash-meinel.com
Sat Jun 17 15:41:03 BST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Ellerman wrote:
> On 6/16/06, Aaron Bentley <aaron.bentley at utoronto.ca> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Michael Ellerman wrote:
>> > Come to think of it, why do we need the roll-up diff at all? Aren't
>> > all the individual diffs sufficient?
>>
>> No, the roll-up contains the data to produce the target revision, which
>> none of the other diffs contains.
>>
>> It doesn't have to be a roll-up, though-- it could be just like the
>> other diffs. We made it a roll-up so that you could review the combined
>> changes using it.
>
> Yeah, that's what I meant, show each diff individually. That has the
> other nice property that the messages correspond to the diff hunks.
>
> I think this would work even better if all the trailing blocks
> (revision_id/sha1/etc) could drop to the bottom. And maybe be
> base64'ed there too.
>
>> Plus it means that we can check the target revision's signature without
>> having to install anything.
>
> Ok, that's nice I guess. But not sure if it justifies the slight
> strangness of the current format.
>
> cheers
>
>
The biggest thing is that with a rollup, you may revert some changes in
a later hunk than what shows in a previous hunk. Which is much harder to
review than just the final patch.
What I've been thinking about for a future bundle format is to actually
just stream the knit hunks at the bottom, ungzipped, bzipped, and base64
encoded, rather than re-creating them.
Then we can just create a nice looking rollup patch at the top, which
the merge code can verify. I think it is very important to have a patch
that can be reviewed, and which is verified at the time it is merged.
The whole point is to read something, and know that it is what is going
to be applied. If you split each diff up, you may end up with one diff
that looks quite good, but it is secretly hiding a later diff which adds
a bug/rootkit.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFElBR/JdeBCYSNAAMRAmxxAKCCHGF6hbbOhyl5mOyPkKaPUgd1+wCeLfCR
V/QdNTshbGS3KJBb+/F3Fok=
=Vwfe
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list