On Mon, Nov 24, 2014 at 11:15:34AM +0100, Michael J Gruber wrote:
> > I wonder if we can have an option to sign all blob content of the tree
> > associated to a commit, and the content of parent commit(s). It's more
> > expensive than signing just commit/tag content. But it's also safer
> > without completely ditching SHA-1.
> >
>
> This amounts to hashing the blob content with whatever hash you told
> your gpg to use (hopefully not sha1 ;) ) and signing that.

Right. You could also create a graph of SHA-256 (or whatever) object hashes
and sign that. I.e., create a parallel to git's trees using SHA-256 and
include a single:

  object-256 ....

line in the tag header.

That still involves re-hashing all of the data, but it would at least be
possible to cache (i.e., a mapping of SHA-1 to SHA-256 hashes). Of course
one way to keep that caching layer up to date would be to just calculate
the SHA-256 along with the SHA-1 whenever we create an object. And then you
can sprinkle SHA-256 links in other places, too, like commit objects. And
now you are halfway down the road to a combined SHA-1/SHA-256 git. :)

The tricky thing is fitting the extra hash into the tree objects. And of
course the rules for actually generating and/or sending extra objects.

-Peff
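The parallel SHA-256 object graph Peff sketches, worked through as an added example (not code from the thread or from git itself): every object is hashed with SHA-1 (git's real id) and with SHA-256 over a body that embeds SHA-256 child ids, the SHA-1 to SHA-256 map is kept as the cache, and the tag payload carries the proposed `object-256` line. The exact `object-256` header syntax and the plain name sort for tree entries are assumptions for illustration.

```python
import hashlib

def _frame(kind: str, body: bytes) -> bytes:
    # git's loose-object framing: "<type> <size>\0<body>"
    return f"{kind} {len(body)}".encode() + b"\x00" + body

class ParallelGraph:
    """Hash each object with SHA-1 (git's id) and SHA-256 (parallel id whose
    tree/commit bodies embed SHA-256 child ids); keep the SHA-1 -> SHA-256
    map that would act as the cache Peff describes."""

    def __init__(self):
        self.sha1_to_sha256 = {}

    def _record(self, kind, body1, body256):
        sha1 = hashlib.sha1(_frame(kind, body1)).hexdigest()
        sha256 = hashlib.sha256(_frame(kind, body256)).hexdigest()
        self.sha1_to_sha256[sha1] = sha256
        return sha1, sha256

    def blob(self, data: bytes):
        return self._record("blob", data, data)  # blob bodies are identical

    def tree(self, entries):
        # entries: (mode, name, (sha1, sha256)); git stores child ids as raw
        # bytes, so the SHA-256 tree differs from the SHA-1 tree in every entry.
        # Assumption: plain name order (git also treats directories as "name/").
        body1 = body256 = b""
        for mode, name, (c1, c256) in sorted(entries, key=lambda e: e[1]):
            head = f"{mode} {name}".encode() + b"\x00"
            body1 += head + bytes.fromhex(c1)      # 20-byte child id
            body256 += head + bytes.fromhex(c256)  # 32-byte child id
        return self._record("tree", body1, body256)

    def commit(self, tree, parents, meta: str):
        # meta: author/committer lines and message, the same in both graphs
        def body(i):
            lines = [f"tree {tree[i]}"] + [f"parent {p[i]}" for p in parents]
            return ("\n".join(lines) + "\n" + meta).encode()
        return self._record("commit", body(0), body(1))

def tag_payload(commit, tagname: str, tagger: str, msg: str) -> str:
    # Text the tag signature would cover: git's headers plus the assumed
    # "object-256" line carrying the parallel SHA-256 commit id.
    return (f"object {commit[0]}\nobject-256 {commit[1]}\ntype commit\n"
            f"tag {tagname}\ntagger {tagger}\n\n{msg}\n")

def build_sample(readme: bytes = b"hello\n"):
    # Constructed one-file repo: blob -> tree -> root commit -> tag payload
    g = ParallelGraph()
    blob = g.blob(readme)
    tree = g.tree([("100644", "README", blob)])
    who = "A U Thor <a@example.com> 0 +0000"
    commit = g.commit(tree, [], f"author {who}\ncommitter {who}\n\nroot\n")
    return g, blob, tree, commit, tag_payload(commit, "v1", who, "release v1")
```

Re-hashing a blob reproduces git's own SHA-1 id, while any change to blob content propagates into the SHA-256 tree and commit ids that the signed `object-256` line pins down.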