Subject: Re: attempt to plant a back door in the Linux kernel
To: None <tech-security@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 11/11/2003 13:08:57
On Tue, Nov 11, 2003 at 01:25:31AM -0600, Andy Isaacson wrote:
> 
> Furthermore:  when a clone is made of a BitKeeper repository, the
> resulting repository is a fully functional duplicate of its parent.
> Every peer who has downloaded a copy of the Linux BK tree has a complete
> revision history, so there's no master copy to compromise -- if Linus'
> tree were modified by an intruder, he would be able to compare it
> against any other copy of the tree to find the changes.  (And in fact,
> Linus has several trees; the ones on his main work machine and the ones
> on kernel.bkbits.net, to start.)   It's not completely secure, but BK
> does make the attacker's job enormously more difficult than a
> centralized, there-is-one-repository CVS system.

The above paragraph is almost completely specious; all of the assertions
made about copies of BitKeeper repositories are equally true of copies of
CVS repositories, and the implication that, for example, our CVS repository
is "centralized, there-is-one-repository" and thus somehow more vulnerable
than the Linux BitKeeper repository is quite simply and entirely false.

Thor
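Both posters agree on the underlying check even if they disagree about which VCS makes it easier: an intruder's change to one copy of a source tree can be found by comparing it against an independent copy. The script below is an added example, not code from either poster; it works on plain directory trees rather than BitKeeper or CVS, so it applies to a copy of either kind of repository. The file names and contents in `demo()` are constructed sample data.

```python
"""Added example (not part of the original mailing-list post): detect a
modification in one copy of a source tree by comparing it against an
independent reference copy.  Works on any checked-out or mirrored tree,
regardless of the version-control system behind it."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare(reference, suspect):
    """Report files whose content differs, files only in the suspect copy,
    and files missing from the suspect copy."""
    modified = sorted(p for p in reference if p in suspect and reference[p] != suspect[p])
    added = sorted(p for p in suspect if p not in reference)
    missing = sorted(p for p in reference if p not in suspect)
    return {"modified": modified, "added": added, "missing": missing}


def _write_tree(root, files):
    """Helper for the demo: materialise a {relative_path: bytes} mapping on disk."""
    for rel, content in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


def demo():
    """Constructed sample: two copies of a tiny tree, the second one altered."""
    clean = {
        "kernel/sched.c": b"int schedule(void) { return 0; }\n",
        "fs/open.c": b"int do_open(void) { return 0; }\n",
    }
    tampered = dict(clean)
    tampered["kernel/sched.c"] = b"int schedule(void) { return 1; }\n"  # changed line
    tampered["drivers/extra.c"] = b"/* file absent from the reference copy */\n"
    with tempfile.TemporaryDirectory() as ref_dir, tempfile.TemporaryDirectory() as sus_dir:
        _write_tree(ref_dir, clean)
        _write_tree(sus_dir, tampered)
        return compare(snapshot(ref_dir), snapshot(sus_dir))


if __name__ == "__main__":
    print(demo())
```

Run against two real checkouts by calling `compare(snapshot("/path/to/copy-a"), snapshot("/path/to/copy-b"))`; the reference copy should come from a machine the suspected intruder could not reach, which is the whole point of keeping independent copies.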