
On Jan 23, 2008 5:47 PM, zooko
In principle it is good to provide a cryptographically secure hash, as this allows users to sign their repositories by signing a single file, which seems like it's potentially quite a useful feature.
Can you be more specific about this -- who can "sign" a repository? How is such a signature checked? What guarantee can you rely on if the check passes?
All data in the hashed format is hashed. Darcs doesn't implement any checking of signatures, but you could (relatively) easily do so by hand. Just sign _darcs/hashed_inventory, and if the signature is valid and the repository is consistent (which darcs automatically checks for any portion of the repository that it accesses), then the repository hasn't been tampered with (since it was signed, anyhow). As far as what the guarantee is, all contents of the repository (except _darcs/prefs/ and of course the working directory) are accessed by hashes stored in that one file.

David
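The argument in the reply above, as an added example that is not part of the original thread and is not darcs code: a simplified model of a hash-addressed store with one root inventory, showing why checking that single file plus hash consistency covers every referenced object and nothing else. The store layout, function names and sample data are assumptions; the signature check is represented by comparing the inventory's SHA-256 with a trusted digest, where in practice a detached signature over _darcs/hashed_inventory would be verified with an external tool.

```python
import hashlib


def h(data: bytes) -> str:
    """Content hash used to name objects (SHA-256 chosen for this model)."""
    return hashlib.sha256(data).hexdigest()


def build_repo(objects):
    """Constructed toy store: each object is filed under the hash of its content.

    Returns (inventory_bytes, store). The inventory is the single root file
    and lists one object hash per line.
    """
    store = {h(content): content for content in objects}
    inventory = "\n".join(sorted(store)).encode()
    return inventory, store


def verify(inventory: bytes, store: dict, trusted_digest: str) -> list:
    """Return a list of problems; an empty list means the check passed.

    Step 1 stands in for the signature check on the root file.
    Step 2 is the consistency check: every referenced object must exist
    and must hash to the name it is stored under.
    """
    if h(inventory) != trusted_digest:
        return ["inventory does not match signed digest"]
    problems = []
    for ref in inventory.decode().splitlines():
        obj = store.get(ref)
        if obj is None:
            problems.append(f"missing object {ref[:12]}")
        elif h(obj) != ref:
            problems.append(f"object {ref[:12]} does not match its hash")
    return problems


if __name__ == "__main__":
    # Constructed sample content, not real darcs data.
    inv, store = build_repo([b"patch: add README\n", b"pristine listing\n"])
    signed = h(inv)  # digest the signer vouched for
    print("clean:", verify(inv, store, signed))
    first = inv.decode().splitlines()[0]
    store[first] = b"patch: add backdoor\n"  # modify a referenced object
    print("tampered:", verify(inv, store, signed))
```

Entries in the store that the inventory never references pass unnoticed, which mirrors the stated exception for _darcs/prefs/ and the working directory.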