monotone

Issue 220: Recommended trust hook is insecure

Reported by joe 23, Jan 31, 2013

... and no documentation on how to fix it.

The docs at http://www.monotone.ca/docs/Trust-Evaluation-Hooks.html 
recommend a key name based get_revision_cert_trust hook but that is 
insecure since monotone now allows duplicate key names.

A secure implementation must use the key ID, but there's no 
documentation on how to do that. The secure hook may be implemented 
by using quoted hex key ids in 'trusted_signers", and 
implementing a new function (e.g. 'idintersection') that uses v.id 
instead of v.name.

This ticket is for a fix to the website and any other places where 
the example is given, to provide a secure example.



Steps to reproduce the problem:
-------------------------------

1. Add second key with same name
2. Sample trust hook will trust it too


Expected result:
----------------
Better example


Output of `mtn version --full`:
-------------------------------
1.0.0

Created: 4 years 9 months ago by joe 23

Status: New

Labels:
Type:Defect
Priority:Medium

Quick Links:     www.monotone.ca    -     Downloads    -     Documentation    -     Wiki    -     Code Forge    -     Build Status