As Boar is intended to be the sole storage of user data, it is imperative
that software quality is ensured. But even with the best of practices, it will
be hard to convince some potential users of the safety of Boar. The solution
is to allow for an external, small program to double-check that Boar is not
corrupting or deleting any data. This small program, let's call it an external
validation tool (EVT), should be simple enough that a sceptical user could
write his or her own EVT. Thus, the user no longer needs to trust Boar,
only themselves.

In its simplest form, an EVT might be something like a thinly wrapped checksum
tool, like md5sum or sha1sum. At every commit, the EVT is executed with the
workdir as argument, generating a list of checksums for all files. The output
of the EVT is then stored by Boar together with the snapshot data.

When the repository is verified, the EVT is executed for every snapshot, with
its own output as input. It should then proceed to convince itself that the
repository contains all the data that was committed.

The EVT must be a separate executable, to avoid any possible errors injected by
Boar. The EVT must also know the snapshot id that it is generating or
verifying, so that it can make sure that Boar does not mix up the snapshots.
The EVT must also know about the current Ignore/Include patterns in use, as
ignored files will be missing in the snapshot, and the EVT must be able to tell
if that is correct.

A user might choose to implement a relaxed EVT, only checking the validity of
certain aspects. An extremely strict EVT might be useful during development to
make sure Boar behaves as expected.

Original issue reported on code.google.com by ekb...@gmail.com on 8 Mar 2012 at 9:50
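
A sketch of the two operations such an EVT performs, added here as an illustration and not part of the original issue or of Boar's code. It assumes that Boar hands the EVT an exported copy of the snapshot as a directory at verify time, that ignore patterns are shell-style globs on file names, and that SHA-256 stands in for the md5sum/sha1sum mentioned above; the function names and the JSON manifest layout are hypothetical.

```python
import fnmatch
import hashlib
import json
import os


def _ignored(rel_path, ignore_patterns):
    # Assumption: patterns are shell-style globs matched against the file name.
    name = os.path.basename(rel_path)
    return any(fnmatch.fnmatch(name, p) for p in ignore_patterns)


def _scan(root):
    """Map every file under root (relative, '/'-separated) to its SHA-256."""
    sums = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as f:
                sums[rel] = hashlib.sha256(f.read()).hexdigest()
    return sums


def generate(workdir, snapshot_id, ignore_patterns):
    """Commit time: record what the snapshot is expected to contain."""
    files = {p: h for p, h in _scan(workdir).items()
             if not _ignored(p, ignore_patterns)}
    # The snapshot id is bound into the manifest so a mix-up is detectable.
    return json.dumps({"snapshot_id": snapshot_id, "files": files}, sort_keys=True)


def verify(manifest, exported_dir, snapshot_id, ignore_patterns):
    """Verify time: compare an exported snapshot with the stored manifest."""
    expected = json.loads(manifest)
    if expected["snapshot_id"] != snapshot_id:
        return ["snapshot id mismatch: manifest is for %r" % expected["snapshot_id"]]
    actual, problems = _scan(exported_dir), []
    for path, digest in sorted(expected["files"].items()):
        if path not in actual:
            problems.append("missing: " + path)
        elif actual[path] != digest:
            problems.append("corrupt: " + path)
    # Anything stored but not committed is also an error, ignored files included.
    for path in sorted(set(actual) - set(expected["files"])):
        kind = "ignored file stored" if _ignored(path, ignore_patterns) else "unexpected"
        problems.append("%s: %s" % (kind, path))
    return problems
```

An empty list from `verify` means the snapshot matches what was committed; a relaxed EVT could drop the final loop and check only for missing or corrupt files.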