FYI: a secure Monticello?
Avi Bryant
avi at beta4.com
Thu Nov 6 18:52:53 UTC 2003
On Nov 6, 2003, at 4:20 AM, Phil Hargett wrote:
> In the interest of sharing ideas about source code control and
> versioning systems, have y'all seen this recent update on freshmeat
> for a package called Monotone?
>
> It bills itself as a secure, distributed version control system. It
> resembles Monticello in that any repository can sync with any other
> repository, and each package in a repository knows it's version
> history with other repositories. It adds further functionality like
> delta merging within files and source trees, secure hashing (with
> SHA1) of source trees and file contents to ensure package integrity,
> and the use of certificates with RSA encryption to authenticate
> authors of changes.
>
> Although today we get buy just fine without being overly concerned
> with security in our sharing of source, someday that might not be the
> case. Anyway, interesting stuff. :)
Yeah, very interesting. I've read about monotone before (and blogged
about it, actually), and there have been a couple of discussions on IRC
about adding monotone-like security to MC. I think it would work quite
well (apart from the use of certificates, the monotone and MC models
are extremely similar), but there are some practical problems with
using asymmetric encryption for everything (do I carry my private key
around on USB storage, or?).
Avi
More information about the Squeak-dev
mailing list
|