git@vger.kernel.org mailing list mirror (one of many)
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Herczeg Zsolt <zsolt94@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: Git and SHA-1 security (again)
Date: Sat, 16 Jul 2016 22:03:05 +0000
Message-ID: <20160716220305.GA409690@vauxhall.crustytoothpaste.net>
In-Reply-To: <CAPp-Vrb5MQw-S25sTmdeatrFv5bv2pLG_mS5=9-ew8J_GNi+kQ@mail.gmail.com>


On Sat, Jul 16, 2016 at 11:46:06PM +0200, Herczeg Zsolt wrote:
> Dear Brian,
> 
> Thank you for your response. It is very good to hear that changing the
> hash is on the git project's list. I haven't found any official
> communication on that topic since 2006.

There's been some recent discussion on the list about it.  It is less on
the Git project's list and more on my personal list.  It's my hope that
Junio and other contributors will decide to accept my patches when they
are ready.  Also, the plan is to keep SHA-1 available, probably as the
default, for backwards compatibility.

> I'll look into the contributions guide and the source codes, to check
> if I can contribute to this transition. If you have any documentation
> or other related info, please point me towards it.

The major work at this point is turning instances of unsigned char [20]
into struct object_id, as well as converting hardcoded 20 and 40 (and
derivative values) to GIT_SHA1_RAWSZ and GIT_SHA1_HEXSZ.  This work
allows us to make as little code as possible know about the size of the
hash, as well as generally being easier to maintain.

You can look at the bc/cocci branch which was recently merged into next.
(It doesn't exist independently outside of next, so you'll have to
search through the history).  That work is what in my branches is called
object-id-part4.  I'm currently working on getting to the point of
converting get_tree_entry to use struct object_id, which is what will
become my object-id-part5.

I recommend if you're planning on doing some of this work that you try
to avoid areas which are under work by other developers, especially the
refs code, which is undergoing massive changes.  Other people will
appreciate it.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204
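
The conversion described in the message above, sketched as an added example (not code from the Git tree or from the author). The struct and constant names follow the message; `hexval`, `parse_hex_old` and `parse_hex_oid` are hypothetical helpers, and the input string is constructed.

```c
#include <string.h>
/* Names follow the message; the definitions are a simplified stand-in. */
#define GIT_SHA1_RAWSZ 20
#define GIT_SHA1_HEXSZ (2 * GIT_SHA1_RAWSZ)
struct object_id {
	unsigned char hash[GIT_SHA1_RAWSZ];
};
/* Hypothetical helper: value of one hex digit, or -1 if not a hex digit. */
static int hexval(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Before: the hash size is baked into the signature and the body. */
int parse_hex_old(const char *hex, unsigned char sha1[20])
{
	size_t i;
	if (strlen(hex) < 40)
		return -1;
	for (i = 0; i < 20; i++) {
		int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
		if (hi < 0 || lo < 0)
			return -1;
		sha1[i] = (unsigned char)((hi << 4) | lo);
	}
	return 0;
}

/* After: only the struct and the two constants know the size. */
int parse_hex_oid(const char *hex, struct object_id *oid)
{
	size_t i;
	if (strlen(hex) < GIT_SHA1_HEXSZ)
		return -1;
	for (i = 0; i < sizeof(oid->hash); i++) {
		int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
		if (hi < 0 || lo < 0)
			return -1;
		oid->hash[i] = (unsigned char)((hi << 4) | lo);
	}
	return 0;
}

int main(void)
{
	struct object_id oid;	/* constructed input: SHA-1 of the empty string */
	return parse_hex_oid("da39a3ee5e6b4b0d3255bfef95601890afd80709", &oid);
}
```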
