On Tue, 19 Jul 2016, Johannes Schindelin wrote:
Hi Duy,
On Mon, 18 Jul 2016, Duy Nguyen wrote:
On Sun, Jul 17, 2016 at 4:21 PM, brian m. carlson
<sandals@xxxxxxxxxxxxxxxxxxxx> wrote:
I'm going to end up having to do something similar because of the issue
of submodules. Submodules may still be SHA-1, while the main repo may
be a newer hash.
Or even the other way around, main repo is one with sha1 while
submodule is on sha256. I wonder if we should address this separately
(and even in parallel with sha256 support), making submodules work
with an any external VCS system (that supports some basic operations
we define).
It is safe to assume that any project using a submodule with a more secure
hash would require Git tooling capable of said hash. It would hence make
no sense to use SHA-1 for the super project.
So I do not believe that we have to support the use case of a SHA-1-based
project using SHA-256-based submodules.
they have different upstreams, what if the upstream of the submodule has
upgraded and is using signed commits of the sha-256 but the upstream of the
parent hasn't and is using signed commits of sha1?
David Lang
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html