FYI: a secure Monticello?

Avi Bryant avi at beta4.com
Thu Nov 6 18:52:53 UTC 2003


On Nov 6, 2003, at 4:20 AM, Phil Hargett wrote:

> In the interest of sharing ideas about source code control and 
> versioning systems, have y'all seen this recent update on freshmeat 
> for a package called Monotone?
>
> It bills itself as a secure, distributed version control system.  It 
> resembles Monticello in that any repository can sync with any other 
> repository, and each package in a repository knows its version 
> history with other repositories.  It adds further functionality like 
> delta merging within files and source trees, secure hashing (with 
> SHA1) of source trees and file contents to ensure package integrity, 
> and the use of certificates with RSA encryption to authenticate 
> authors of changes.
>
> Although today we get by just fine without being overly concerned 
> with security in our sharing of source, someday that might not be the 
> case.  Anyway, interesting stuff. :)

Yeah, very interesting.  I've read about monotone before (and blogged 
about it, actually), and there have been a couple of discussions on IRC 
about adding monotone-like security to MC.  I think it would work quite 
well (apart from the use of certificates, the monotone and MC models 
are extremely similar), but there are some practical problems with 
using asymmetric encryption for everything (do I carry my private key 
around on USB storage, or?).

Avi




More information about the Squeak-dev mailing list