Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:
> That whole "verify no SHA1 hash collision" code is really pretty damn
> paranoid. Maybe we shouldn't have it enabled by default.
>
> So how about this updated patch? We could certainly make "git pull" imply
> "--paranoid" if we want to, but even that is likely pretty unnecessary.
> It's not like anybody has ever shown a SHA1 collision, and if the *local*
> repository is corrupt (and has an object with the wrong SHA1 - that's what
> the testsuite checks for), then it's probably good to get the valid object
> from the remote..
I agree with that reasoning. We did not do paranoid in git-pull
long after we introduced the .keep thing anyway, so I do not
think the following patch is even needed, but I am throwing it
out just for discussion.
diff --git a/fetch-pack.c b/fetch-pack.c
index 06f4aec..c687f9f 100644
--- a/fetch-pack.c
+++ b/fetch-pack.c
@@ -522,6 +522,7 @@ static int get_pack(int xd[2])
if (do_keep) {
*av++ = "index-pack";
+ *av++ = "--paranoid";
*av++ = "--stdin";
if (!quiet && !no_progress)
*av++ = "-v";
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html