Hi, Junio C Hamano wrote: > Can we do something similar, i.e. maintain minimum set of cut-off > points and adjust that set incrementally, just sufficient to ensure > the integrity of objects locally created and not yet safely stored > away by pushing them the "other side"? This sounds like a variant on the "promises" idea (maintaining a list of objects at the frontier) described before. Instead of listing blobs that the server promised, you are proposing listing trees that the server has promised to handle all references from. > I haven't thought things through (and I know you, Ben and others > have thought much longer and harder), but I would imagine if we have > a commit object [*1*], some of whose parent commits, trees and blobs > are locally missing, and know that the commit exists on the "other > side", we know that all of these "missing" objects that are > referenced by the commit are also available from the "other side". > IOW, I suspect that the same principle "shallow" uses to give us the > integrity guarantee can be naturally extended to allow us to see if > a broken connectivity is OK. If we are deeply worried about this kind of broken connectivity, there is another case to care about: the server can "promise" to serve requests for some object (e.g., the tree pointed to by the server's "master") and then decide it does not want to fulfill that promise (e.g., that tree pointed to private key material and "master" was rewound to avoid it). In the promises model, how we do we get a fresh understanding of what the server wants to promise now? Earlier in this discussion of fsck, I thought you were proposing a slightly different idea. The idea I heard is that you want to check connectivity for whatever you have built locally, while accepting a relaxed guarantee for objects from upstream. If an object is missing, the idea would be that at least this way you know whose fault it is. :) (Not that there's much to do with that knowledge.) Implementing that by treating everything reachable from a remote-tracking branch as "from upstream" seems natural. But that implementation suffers from the same problems: not all objects from upstream need be reachable from a remote-tracking branch (e.g. after a fetch-by-object-id, or because a remote branch can be rewound). Both variants proposed of the promises idea also hold some promise, but my understanding was that the cost of maintaining the promises file (getting data to fill it, locking on update, merging in new objects into it on update), for little benefit wasn't palatable to Microsoft, who has been coping fine without such a file. Jonathan
