SHA-1 is clearly on its way out. I know that there has been discussion in the past about moving to different algorithms. I'm not interested in having that discussion now. I'd like to introduce a set of preprocessor constants that we'd use instead of hard-coded 20s and 40s everywhere. That way, if we decide to support a different algorithm, doing so becomes significantly easier. These would be used in new code. After that, I'd like to slowly start moving existing code to use these constants. I would also like to consider, as a third step, turning all of the unsigned char[20] uses into a struct containing unsigned char[20] as its only member, like libgit2 does. This disambiguates arbitrary byte data from byte sequences being used to represent an SHA-1 ID. I'm hoping the first suggestion will be mostly unobjectionable, as having hard-coded constants is widely considered bad programming practice. I suspect the latter two will be more controversial. These changes, if implemented, would be done by hand, not by machine, and they would be bisectable. Comments? -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature