On Sun, 20 Oct 2013, Duy Nguyen wrote: > On Sat, Oct 19, 2013 at 9:41 PM, Nicolas Pitre <nico@xxxxxxxxxxx> wrote: > > On Sat, 19 Oct 2013, Duy Nguyen wrote: > > The SHA1 used in the name of the pack file is actually the SHA1 checksum > > of the SHA1 table. > > > > The path and ident tables are already protected by the CRC32 in the zlib > > deflated stream. > > > > Normal objects are also zlib deflated (except for their header) but you > > need to inflate them in order to have this CRC verified, which the pack > > data copy tries to avoid. Hence the separate CRC32 in the index file in > > that case. > > OK slight change in the subject, what about reading code (i.e. > sha1_file.c)? With v2 crc32 is verified by object inflate code. With > v4 trees or commits, because we store some (or all) data outside of > the deflated stream, we will not benefit from crc32 verifcation > previously done for all trees and commits. Should we perform explict > crc32 check when reading v4 trees and commits (and maybe verify the > sha-1 table too)? I suppose that we should... at some point. I did the SHA1 table check only for index-pack and unpack-objects in my latest patch. Adding it to check_packed_git_idx() as well should be trivial. I'm not sure about the best way to do systematic checks on tree objects though. We have both the CRC32 recorded in the index file and the object SHA1 recorded in the SHA1 table. But any of them needs to be computed as we walk the object and we currently havn't found the best way to do that yet. So I'd suggest postponing this until the tree walk is properly implemented to perform well first. Nicolas -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html