On Tue, 2010-08-03 at 08:10 +0200, Kevin Kofler wrote: > I'm not talking about intentional collisions, I'm talking about accidental > collisions, which ALL hash algorithms are vulnerable to, no matter how > strong. Hashes are inherently non-injective and mathematically CANNOT be > otherwise. Now the probability of an accidental collision is very low, but > it is not zero, so the algorithm is unreliable. And low probabilities add up > the more projects use DVCSes. Sooner or later some project will be hit by a > collision. You might like this article: http://valerieaurora.org/review/hash.html I'm willing to accept the miniscule probability of a collision. If you aren't, I have some other windmills for you to tilt at. > And the shorter the hash, the more likely a collision (exponentially!), so > the "abbreviated hashes" git uses are particularly collision-prone. True; for that reason, I avoid using them for anything permanent. > > The problems with CVS were amply explained there, but it's less clear to > > me whether there were compelling reasons to choose git over (e.g.) SVN + > > git-svn or the people involved just happened to like distributed version > > control, as I do. > > Sure they do, but the problem is that they're FORCING their preference onto > everyone That's not strictly true: you're welcome to write svn-git. But the point is taken, and that's why I invited clarification as to the reasons for choosing git. > Sadly, more and more projects are getting infected by the git virus, KDE is > also moving to git, several other upstream projects already did. :-( This is unsubstantiated flamebait. -- Matt -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
