On Mon, Oct 15, 2012 at 07:09:52PM -0700, Shawn O. Pearce wrote: > On Mon, Oct 15, 2012 at 11:56 AM, Jeff King <peff@xxxxxxxx> wrote: > > Right. The only thing that needs locking is the refs, because the object > > database is add-only for normal operations, and by definition collisions > > mean you have the same content (or are astronomically unlucky, but your > > consolation prize is that you can write a paper on how you found a sha1 > > collision). > > Its worth nothing that a SHA-1 collision can be identified at the > server because the server performs a byte-for-byte compare of both > copies of the object to make sure they match exactly in every way. Its > not fast, but its safe. :-) Do we? I thought early versions of git did that, but we did not double-check collisions any more for performance reasons. You don't happen to remember where that code is, do you (not that it really matters, but I am just curious)? -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html