mw-list-postfix-userscsi.hu:
> On Mon, Feb 03, 2003 at 03:59:21PM -0500, Wietse Venema wrote:
> > mw-list-postfix-userscsi.hu:
> > > On Fri, Jan 31, 2003 at 08:18:50PM -0500, Wietse Venema wrote:
> > > > Either you have solved the problem of assigning globally unique
> > > > identifiers to objects. This seems unlikely to me.
> > > >
> > > > Or, more likely, you allow multiple uses of the same identifier,
> > > > in which case identifier collisions are by definition possible.
> > >
> > > If we could start over: in case of a successful write of tmp/uniq, do
> > > not remove it, but have the MUA remove it after it removed new/uniq or
> > > cur/uniq:info.
> >
> > According to this scheme, the accidental loss of a tmp/uniq file
> > causes silent loss of mail due to an undetected file name collision.
> > To fix, the MUA would have to "fsck" missing links back into place.

According to your scheme, a name is not reused as long as the name
is linked to tmp/uniq (with an extra link to col/uniq to clue
in the MUA).

> My feeling was that leaving tmp/time.VnIn.hostname around is an
> _extra_ protection against name collision, but paradoxially, it in
> fact somehow makes things worse.

I agree: the extra links in {tmp,col}/uniq add protection against
file name reuse.

However, the protection is limited to that specific maildir. It
does not prevent use of the same file name in other maildirs.

The protection does not prevent loss of mail when maildirs are
restored and merged after the hypothetical time reversal attack.

If instead of <time> we can find something else that is guaranteed
monotonic within a system then we don't need {tmp,col}/uniq links.

        Wietse

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]