
[Monotone-devel] Re: Monotone server


From: Bruce Stephens
Subject: [Monotone-devel] Re: Monotone server
Date: Thu, 09 Oct 2008 17:39:41 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

Daniel Carrera <address@hidden> writes:

[...]

> In which way are signatures more pervasive in monotone?

Every cert is signed.

>> (In that case it's not much different from
>> monotone; in monotone revisions aren't signed, rather the things
>> attached to revisions get signed, so if you have a tag, the only
>> signature that matters (arguably) is that one signature.)
>
> So, when I run 'mtn commit' Monotone is not signing anything? I
> couldn't find a sign command for Monotone so I assumed that every
> commit was signed.

"mtn commit" always adds four certs (author, date, branch, changelog).
The revision itself is not signed, but those four things are (and they
reference the revision).

[...]

>> But maybe you just want to be sure that nobody else has changed
>> something, in which case adding a signed tag now and again might be
>> enough.  Or just make a note somewhere of the most recent commit hash.
>
> I'm interested in the latter. I just want an easy way to detect random
> corruption or intentional tampering. I *could* keep track of the
> hashes, but truthfully, I won't. Intrusion is a very rare event and if
> I have to jot down a hash every day (I upload every day) I might keep
> it up for a month or two and then I'll stop doing it.

Then probably any system would do (well, not CVS).  Maybe not
subversion, either.  (subversion's got lots of integrity checks, but
if someone has access to the server then (in principle) they could
rewrite the database and I'm not sure how easy it would be to tell.
Maybe there's a hash somewhere, but I don't see it.)

> I don't know if any RCS has this feature, but I would really like to
> be informed if something has changed. If the server is compromised, I
> want to hear about it. I'm not sure what I need to get this feature,
> but I figured that monotone would be a good place to start.

I guess monotone probably is your best bet, though if someone can mess
with the monotone binary then you're screwed.  But if you assume they
haven't corrupted that, then you could run "mtn db check" on the
server to check the integrity of the database.  (The other systems
have checkers, but monotone comes in a single binary which is
convenient.)

With the other systems you could do "git clone ..." or whatever and
then verify your local copy (and compare the hash of the head against
what you think it ought to be).

[...]

> I probably don't understand git's index feature. I'll read about it
> on the links you gave me. Maybe then I'll see how it would be useful
> to me.

It permits something like "darcs record"'s interactive mode, in that
it's easy to build up the changes you want to commit.  (Though you
need extra bits to do the per-chunk adding that record has, which "git
commit -i" has.)  Related features of git make "git commit --amend"
possible (equivalent, IIUC, to "darcs amend-record").  Someone blogged
about it <http://tomayko.com/writings/the-thing-about-git> a little
while ago.

>>> Do you use Monotone anywhere? I ask because you are, after all, in a
>>> Monotone mailing list.
>>
>> I used to use it, but I don't any longer.
>
> You switched to git everywhere?

Come to think of it, I still use mtn to back up ~/.jpilot.  I think
I'd use git for anything now, but for that application there's no
reason to change.  (Hmm, I guess if there were an application where the
single-binary property was important then I'd go with
monotone---copying a single binary beats installing git.)
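
The check suggested in the message above (verify a local copy, then compare the head against what you think it ought to be), automated for a git clone so that nobody has to jot hashes down by hand. This is an added example, not part of the original message; `check_head` and the pin file are hypothetical names, and the first run trusts whatever head it sees.

```shell
#!/bin/sh
# check_head REPO PINFILE  (hypothetical helper, added for illustration)
#
# Run it after each fetch/pull into a local clone. It
#   1. re-hashes every object in the clone (git fsck), and
#   2. checks that the head recorded on the previous run is still an
#      ancestor of the current head, i.e. history only moved forward.
#
# Return codes:
#   0  clone is intact and history is a fast-forward; pin file updated
#   1  object store is corrupt or HEAD cannot be resolved
#   2  the pinned commit is missing or is no longer an ancestor of HEAD
#      (history was rewritten); pin file is left untouched
check_head() {
    repo=$1
    pin=$2

    # Recompute object hashes; random corruption or an edited object fails here.
    git -C "$repo" fsck --full >/dev/null 2>&1 || return 1

    new=$(git -C "$repo" rev-parse --verify HEAD 2>/dev/null) || return 1

    if [ -s "$pin" ]; then
        old=$(cat "$pin")
        # The previously seen head must still exist in the object store ...
        git -C "$repo" cat-file -e "$old^{commit}" 2>/dev/null || return 2
        # ... and the new head must descend from it (or be the same commit).
        git -C "$repo" merge-base --is-ancestor "$old" "$new" || return 2
    fi

    # First run (trust on first use) or clean fast-forward: remember this head.
    printf '%s\n' "$new" > "$pin"
    return 0
}

# Stand-alone use, e.g. from cron:  sh check_head.sh /path/to/clone /path/to/pinfile
if [ "$#" -eq 2 ]; then
    check_head "$1" "$2"
fi
```

Keep the pin file somewhere the server cannot write to; a non-zero exit is the signal to investigate before pulling again.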



