On 2 Sep 2020, at 17:18, Ed Maste <emaste_at_freebsd.org> wrote: > > On Wed, 2 Sep 2020 at 07:51, Mathieu Arnold <mat_at_freebsd.org> wrote: >> >>> Git also supports sha-256 soon now, adoption should >>> be researched from various online article series and >>> work product before committing plans... >>> https://lwn.net/Articles/823352/ >>> https://git-scm.com/docs/hash-function-transition >> >> "soon now" seems a bit vague, from what I have read on the subject, >> whilst the local repository operations are working with SHA256 hashes, >> it is still lacking remote transport, clones, and such. > > Yes, Git will migrate to SHA256 but will not be completely finished > sufficiently soon to matter for our needs. We'll eventually deal with > the migration the same way as everyone else. Note that Subversion *also* uses SHA1, and has suffered from hash collisions. Which at some point broke the WebKit repository, because somebody thought it was fun to tweak two PDF files to have exactly the same SHA1. This is why Subversion added a few hook scripts to prevent adding such files: https://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/reject-known-sha1-collisions.sh?view=markup https://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/reject-detected-sha1-collisions.sh?view=markup -Dimitry
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC