Mutating history in Subversion and Bazaar
Aaron Bentley
aaron.bentley at utoronto.ca
Thu Aug 31 19:56:19 BST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Arbash Meinel wrote:
> Aaron Bentley wrote:
> ...
>
>
>>But if you use a clever fetcher that works by slinging knit deltas
>>around, then yes, it's conveivable to corrupt the knit. Knits store
>>sha1 hashes, so the corruption would be easy to detect.
>>
>>I don't know whether we check sha-1's when copying deltas from one knit
>>to another. We could do that, or we could make sure that the sha-1 of
>>the parent in the target knit matches the sha-1 of the parent in the
>>source knit. So for knits, the knit itself contains enough data to
>>verify that you're not creating a version that cannot be constructed.
>>
>
>
> Unfortunately we don't. We check the sha-1 sums when we extract the
> texts, but to check them at 'join()' time means that we have to extract
> the content, apply it to the previous text in the case it is a delta,
> which may mean extracting all of the other previous texts, etc.
Yes. I suggested we check the parent sha-1's because it's cheaper to do
that. It provides a good guarantee against history mutation, but it
doesn't provide a good guarantee against broken knit deltas.
> Right now we do:
> 1) download inventories to find out what file ids are modified, keep
> these cached in ram.
>
> 2) for each file id found in (1):
> join the remote knit to the local knit (data + index),
> for a given set of revisions
>
> 3) join the remote inventory.knit and .kndx to the local inventory.knit
> (the downloaded contents should still be cached in ram)
>
> 4) join the remote revisions.knit and .kndx to the local revisions.knit.
>
> Now, if we made some steps more explicit, we could do a little bit more
> integrity checking. The first thing that I would add is
[snip]
Yes, that sounds like a possible improvement, if the overhead isn't too big.
Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFE9zDT0F+nu1YWqI0RAm4VAJ9i9doQ6DSx9u2PYSyGg7eN6UV6CACcDXFF
4kAH+Pcr5TWVdJHxe8lp0+Q=
=2d2I
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list