Josef Wolf <jw <at> raven.inka.de> writes: > > Hello, > > we all know, the probability for SHA-1 collisions is very, very low, almost > non-existant. But we also know that they are not impossible. > > Just for curiosity: what would happen if such a collision would occur within > one repository? > In a sense, this cannot happen. Suppose you have a new working directory. You do a "git init" to initialize it for use by git. You then copy in a bunch of data from elsewhere. By chance, files "a" and "b" have different content, but the same sha1 (they collide). The "git add ." command is basically a short cut for doing something like: for i in *;do git add $i;done That is, it seems to add each file, one at a time in some order. Suppose it creates the sha1 for "a" first. It then creates the appropriate "stuff" for file "a" in the .git subdirectory, based on the sha1 value. Now, it gets around to processing "b". It gets the sha1 value of b and finds that it already has an entry for that value. At that point, the "git add" thinks "Oh, I've already processed this file. No need to do anything!" So the contents of file "b" are not saved anywhere in git and, bottom line, that version of "b" will not be in the git repository. Ever. Because "a" already has that SHA1 "tied up" and it is (theoretically) never released. I think of the SHA1 value being a unique key into a "write once" database. Once you've added some content (a file) into the database, then the SHA1 value of that content (file) is unmodifiable. Attempts to write another record into the database is rejected (in a read DB, you'd get some sort of DUPLICATE KEY response). Git considers the "duplicate key" to be just fine because it ASSUMES that the SHA1 is unique to the first file (content) which generates it. Hope I made sense. John -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html