[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: version 1.14 fails "make check"

From: Richard Levitte - VMS Whacker
Subject: Re: [Monotone-devel] Re: version 1.14 fails "make check"
Date: Mon, 16 Aug 2004 09:47:54 +0200 (CEST)

In message <address@hidden> on 15 Aug 2004 15:20:06 +0200, Peter Simons 
<address@hidden> said:

simons> Richard Levitte writes:
simons>  >> In _my_ case, the current branch is important. I want to
simons>  >> say: In branch "foo" we'll trust key "bar".
simons>  > The thing is, as I understand it, is that the "current"
simons>  > branch is only an attribute of your working directory,
simons>  > and has absolutely nothing to do with the contents of the
simons>  > database.
simons> Yes, you are right. But that doesn't really affect my use
simons> case. I want to say: In branch "foo" we'll trust key "bar".
simons> Period. And that's not possible with the current model,
simons> unless I have a monotonerc file per branch. But I want a
simons> global one.

I don't understand why that is not possible.  You need the following:

 1. the branch name
 2. the key that signed the branch cert
 3. the list of <branch,key> trust tupples.

You get 1 and 2 from the branch cert.  You keep 3 as a local table or
a set of local tables in get_manifest_cert_trust.  In my example (kept
below), I had a table for the branch "foo", mostly because I don't
know the Lua language well enough to make a proper tupple table, yet.
I see nothing that stops the function from existing in a global

simons>  >   function get_manifest_cert_trust (signers, id, name, val)
simons>  >     local foo_trusted_signers = { "address@hidden", ... }
simons>  >     local t_foo = intersection(signers, foo_trusted_signers)
simons>  >     if t_foo ~= nil
simons>  >     then
simons>  >       if name == "branch" and val == "foo" and table.getn(t_foo) >= 1
simons>  >       then
simons>  >         return true
simons>  >       end
simons>  >     end
simons>  >     return false
simons>  >   end
simons> I am not certain what this code does, actually. Won't this
simons> leave any other certificate (say, ancestor) untrusted?

Correct.  The following should behave a little better:

  function get_manifest_cert_trust (signers, id, name, val)
    local foo_trusted_signers = { "address@hidden", ... }

    if name == "branch" and val == "foo"
      local t_foo = intersection(signers, foo_trusted_signers)
      if t_foo ~= nil and table.getn(t_foo) >= 1
        return true
      return false

    return true

This function will return true for all certs that aren't a branch cert
for the branch "foo", or for branch certs for the branch "foo" where
the signing key matches at least one of the trusted signers for
"foo".  It will return false for all others (i.e. branch certs for the
branch "foo" where the signers didn't match any of the trusted

Please consider sponsoring my work on free software.
See for details.

Richard Levitte                         address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]