On Fri, Mar 23, 2007 at 10:04:22PM +0100, u+codalist-p4pg_at_chalmers.se wrote:
> > And what are we protectings against? To prevent someone who doesn't have
> > read access to a file from intercepting the sha1? If that is possible we
> 
> If sha1 is not available unless read access is allowed, then we are fine.
> (Isn't the hash currently sent with the file attributes?)

Yes, but the server has the option to return all zeros. If another user
then tries to access the file we have no cached rights and so we will
call getattr to discover what our permissions are.

Jan