* Linus Torvalds <[EMAIL PROTECTED]> wrote:
> On Wed, 13 Apr 2005, Ingo Molnar wrote:
> >
> > well, the 'owned by another user' solution is valid though, and doesnt
> > have this particular problem. (We've got a secure multiuser OS, so can
> > as well use it to protect the DB against corruption.)
>
> So now you need root to set up new repositories? No thanks.
yeah, it's a bit awkward to protect uncompressed repositories - but it
will need some sort of kernel enforcement. (if userspace finds out the
DB contains uncompressed blobs, it _will_ try to use them.)
(perhaps having an in-kernel GIT-alike versioned filesystem will help -
but that brings up the same 'I have to be root' issues. The FS will
enforce the true immutability of objects.)
perhaps having a new 'immutable hardlink' feature in the Linux VFS would
help? I.e. a hardlink that can only be readonly followed, and can be
removed, but cannot be chmod-ed to a writeable hardlink. That i think
would be a large enough barrier for editors/build-tools not to play the
tricks they already do that makes 'readonly' files virtually
meaningless.
Ingo
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
