From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter Teoh Subject: Re: "Write once only but read many" filesystem Date: Wed, 26 Mar 2008 10:27:38 +0800 Message-ID: <47E9B49A.30902@gmail.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Peter Teoh , linux-fsdevel@vger.kernel.org, matthew@wil.cx To: Bryan Henderson Return-path: Received: from wf-out-1314.google.com ([209.85.200.173]:2685 "EHLO wf-out-1314.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753925AbYCZCQP (ORCPT ); Tue, 25 Mar 2008 22:16:15 -0400 Received: by wf-out-1314.google.com with SMTP id 28so3094416wff.4 for ; Tue, 25 Mar 2008 19:16:12 -0700 (PDT) In-Reply-To: Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Bryan Henderson wrote: >>> other times you talk about a filesystem that can be updated, ... >>> >> NO updating is possible. >> > > I'm still not convinced you mean that, because the example you give is > specifically of a file that becomes immutable after some writing to it. > How about creating a new file? Yes - always allowed. > That is a filesystem update. Do you want > to allow that? How about directory modifications, such as rename and > unlink? > Creating directories - always allowed. Modification - rename/unlink etc will be disallowed. > Yeah, that's what the bad guy will do. So you haven't prevented someone > from undetectably modifying previously written data. > > This is the only difference between the current discussion, and the hardware WORM storage solution u mentioned in the previous email, due to it software vs hardware implementation aspect. I have also found this: ftp://reports.stanford.edu/pub/cstr/reports/cs/tr/87/1177/CS-TR-87-1177.pdf Well, I would like to thank you and Matthew for the discussion (I think using the printer is not advisable - the output is not really so immutable after all - JUST reprint the modified content will do. Similarly for WORM storage medium - just write into another CD.) U agree with me?. Sorry for the rubbish talk :-). Anyway, I shall attempt to write some proof-of-concept patches to try out the idea. I may fail. Thanks.