Duy Nguyen <pclouds@xxxxxxxxx> writes: > On Fri, Jan 25, 2013 at 12:45 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote: >>> How about this way instead: we keep track of where objects come from >>> so we can verify object source when we create or update something >>> that contains SHA-1. >> >> The overall approach taken by this series may be worth considering, but >> I do not think the check implemented here is correct. >> >> An object may be found in an alternate odb but we may also have our >> own copy of the same object. You need to prove that a suspicious >> object is visible to us *ONLY* through add_submodule_odb(). > > The way alt odbs are linked (new odbs area always at the end), if we > have the same copy, their copy will never be read (we check out alt > odbs from head to tail). So those duplicate suspicious objects are > actually invisible to us. The way I read find_pack_entry() is that our heuristics to start our search by looking at the pack in which we found an object the last time will invalidate your assumption above. Am I mistaken? -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html