OK, I'm going to open this can of worms...
At what point do we migrate from SHA-1? At this point the
cryptanalysis of SHA-1 is most likely a matter of time.
For existing repositories we will need to have a migration mechanism.
Since we can't modify objects without completely invalidating the
cryptographic properties, what I would suggest is that we leave the
existing objects as is, with a persistent lookup table from SHA-1 to
<new hash>, and have that lookup table signed (e.g. GPG) by the person
responsible for converting the repository. This freezes the
cryptographic status of the existing SHA-1 objects at the time the
conversion happens. This is a very good reason to do this before SHA-1
is actually broken.

In contrast, SHA-2 has been surprisingly resistant
to cryptanalysis, to the point that SHA-3 was motivated by performance
and the desire to have a well-tested function based on entirely
different principles should a generic attack against the common
structure of MD5/SHA-1/SHA-2 ever be found.
-hpa
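
A sketch of the lookup table proposed in the message above, as an added example that is not part of the original post and not git's own code. It assumes SHA-256 as the `<new hash>`, a plain-text `sha1 sha256` line format, and hypothetical function names; the byte string from `canonical_bytes` is what the converter would sign.

```python
import hashlib

# Constructed sample objects (type, body); a real conversion would walk the object store.
SAMPLE = [("blob", b"hello\n"), ("blob", b""), ("blob", b"int main(void) { return 0; }\n")]

def git_object_id(algo: str, obj_type: str, body: bytes) -> str:
    """Hash an object the way git does: '<type> <size>\\0' header, then the body."""
    header = f"{obj_type} {len(body)}".encode() + b"\0"
    return hashlib.new(algo, header + body).hexdigest()

def build_table(objects):
    """Map each existing SHA-1 id to the id of the same, unmodified bytes under SHA-256."""
    return {git_object_id("sha1", t, b): git_object_id("sha256", t, b) for t, b in objects}

def canonical_bytes(table) -> bytes:
    """Deterministic serialization (sorted lines) so one detached signature,
    e.g. from `gpg --detach-sign`, covers exactly one byte string."""
    return "".join(f"{old} {new}\n" for old, new in sorted(table.items())).encode()

def parse_table(blob: bytes):
    """Parse a table whose signature has already been verified; reject malformed input."""
    table = {}
    for line in blob.decode("ascii").splitlines():
        old, _, new = line.partition(" ")
        if len(old) != 40 or len(new) != 64 or old in table:
            raise ValueError(f"malformed or duplicate entry: {line!r}")
        table[old] = new
    return table

def check_object(table, sha1_name: str, obj_type: str, body: bytes) -> str:
    """Validate content stored under a SHA-1 name using only the new hash,
    so the result does not depend on SHA-1 still being collision resistant."""
    if sha1_name not in table:
        return "unknown"    # object did not exist when the table was frozen
    if table[sha1_name] != git_object_id("sha256", obj_type, body):
        return "mismatch"   # content differs from what the converter recorded
    return "ok"

if __name__ == "__main__":
    frozen = canonical_bytes(build_table(SAMPLE))
    name = git_object_id("sha1", "blob", b"hello\n")
    print(check_object(parse_table(frozen), name, "blob", b"hello\n"))
    print(check_object(parse_table(frozen), name, "blob", b"tampered\n"))
```
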