On 2020-09-29 at 22:13:11, Jeff King wrote:
> On Tue, Sep 29, 2020 at 01:17:59AM +0000, Wu, Zhichen wrote:
> > 2. I see v2 has a capability called “object-format” that provides SHA1
> >    option. I’m wondering if that capability will be the only way for
> >    client and server to start using SHA256? Or put it as another word,
> >    will v2 protocol be the prerequisite of SHA256?
> 
> I think it would be impossible to handle object-format via v1, because
> the v1 protocol writes the ref advertisement before any capabilities are
> negotiated. So I think v1 must implicitly remain sha1-only (and a sha256
> repository on the server side would need to either reject a v1 client,
> or back-translate as it would for a v2 client which asks for sha1).

I don't think that's the case.  You can indeed use v1 with SHA-256, but
if you have a SHA-1-only Git, it will choke because the object ID is
longer than it expects.  If you want to negotiate the algorithm when we
support both and the client can't deal with translating the initial ref
advertisement, then yes, you'll need v2.

We even support SHA-256 via bundles and the DAV-based HTTP protocol, but
the latter will never support negotiation of hash algorithms because
it's based on static files.

It is required that you understand the object-format capability on the
client side to support SHA-256, since if you fail to announce it, the
default is SHA-1, and right now, the server side will produce an error
if the client doesn't announce it (or sends SHA-1 data).
-- 
brian m. carlson: Houston, Texas, US