"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: >> 3) Illicit contents may be present in binary blobs, which in the future may >> be need to be removed without warrant and the only way to do that is by >> rebasing and force pushing, which will break "everything". It can be >> everything from child-porn to expired distribution licenses. > > This is a problem in every Merkle tree-like system. Most repositories > have some sort of code review or access control that prevents people > from generally pushing inappropriate content. For example, if somebody > proposed to push any sort of pornography or other inappropriate content > (e.g., a racist screed) to one of my repositories or one of my > employer's, I'd refuse to approve or merge such a change, because > that wouldn't be appropriate for the repository. > > I don't feel this is enough of a problem that using a Merkle tree-like > construction is a bad idea, given the benefits it offers. While I agree with the primary thrust of your argument, this one is a bit tricky to reason about. External rules change and can declare what has been accepted as appropriate inappropriate on a whim, long after you reviewed the material coming into your history and decided it was perfectly fine, under the then-prevailing definition of what is and isn't appropriate.
