Re: Plans for git (was: Please check the current beta git conversions)

From: Dimitry Andric <dim_at_FreeBSD.org>
Date: Wed, 2 Sep 2020 18:15:10 +0200
On 2 Sep 2020, at 17:18, Ed Maste <emaste_at_freebsd.org> wrote:
> 
> On Wed, 2 Sep 2020 at 07:51, Mathieu Arnold <mat_at_freebsd.org> wrote:
>> 
>>> Git also supports sha-256 soon now, adoption should
>>> be researched from various online article series and
>>> work product before committing plans...
>>> https://lwn.net/Articles/823352/
>>> https://git-scm.com/docs/hash-function-transition
>> 
>> "soon now" seems a bit vague, from what I have read on the subject,
>> whilst the local repository operations are working with SHA256 hashes,
>> it is still lacking remote transport, clones, and such.
> 
> Yes, Git will migrate to SHA256 but will not be completely finished
> sufficiently soon to matter for our needs. We'll eventually deal with
> the migration the same way as everyone else.

Note that Subversion *also* uses SHA1, and has suffered from hash
collisions. Which at some point broke the WebKit repository, because
somebody thought it was fun to tweak two PDF files to have exactly the
same SHA1.

This is why Subversion added a few hook scripts to prevent adding such
files:

https://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/reject-known-sha1-collisions.sh?view=markup
https://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/reject-detected-sha1-collisions.sh?view=markup

-Dimitry


Received on Wed Sep 02 2020 - 14:15:21 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:25 UTC