On Sat, Oct 19, 2013 at 9:41 PM, Nicolas Pitre <nico@xxxxxxxxxxx> wrote: > On Sat, 19 Oct 2013, Duy Nguyen wrote: > The SHA1 used in the name of the pack file is actually the SHA1 checksum > of the SHA1 table. > > The path and ident tables are already protected by the CRC32 in the zlib > deflated stream. > > Normal objects are also zlib deflated (except for their header) but you > need to inflate them in order to have this CRC verified, which the pack > data copy tries to avoid. Hence the separate CRC32 in the index file in > that case. OK slight change in the subject, what about reading code (i.e. sha1_file.c)? With v2 crc32 is verified by object inflate code. With v4 trees or commits, because we store some (or all) data outside of the deflated stream, we will not benefit from crc32 verifcation previously done for all trees and commits. Should we perform explict crc32 check when reading v4 trees and commits (and maybe verify the sha-1 table too)? -- Duy -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html