Junio C Hamano <gitster@xxxxxxxxx> writes:

> Jonathan Nieder <jrnieder@xxxxxxxxx> writes:
>
>> Treating generation numbers as derived data (as in Jeff King's
>> preferred design, if I have understood his replies correctly) would
>> also be possible but it does not interact well with shallow clone or
>> narrow clone.
>
> Just like we have skewed committer timestamps, there is no reason to
> believe that generation numbers embedded in objects are trustable,
> and there is no way for narrow clients to even verify their correctness.
>
> So I agree with Peff that having generation numbers in object is
> pointless; I agree any other derivables like corresponding sha-1
> name is also pointless to have.
>
> This is a tangent, but it may be fine for a shallow clone to treat
> the cut-off points in the history as if they are root commits and
> compute generation numbers locally, just like everybody else does.
> As generation numbers won't have to be global (because we will not
> be embedding them in objects), nobody gets hurt if they do not match
> across repositories---just like often-mentioned rename detection
> cache, it can be kept as a mere local performance aid and does not
> have to participate in the object model.
>
>> All that said, for simplicity I still lean against including
>> generation numbers as part of a hash function transition.
>
> Good.

In the proposed transition plan, the treatment of various signatures
(deliberately) makes the conversion not quite roundtrip.  When
existing SHA-1 history in individual clones is converted to NewHash,
we obviously cannot re-sign the corresponding NewHash contents with
the same PGP key, so these converted objects will carry only signature
on SHA-1 contents.  They can still be validated when they are exported
back to SHA-1 world via the fetch/push protocol, and can be validated
locally by converting them back to SHA-1 contents and then passing the
result to gpgv.

The plan also states, if I remember what I read correctly, that newly
created and signed objects (this includes signed commits and signed
tags; mergetags merely carry over what the tag object that was merged
was signed with, so we do not have to worry about them unless the
resulting commit that has mergetag is signed itself, but that is
already covered by how we handle signed commits) would be signed both
for NewHash contents and its corresponding SHA-1 contents (after
internally converting it to SHA-1 contents).

That would allow us to strip the signature over NewHash contents and
derive the SHA-1 contents to be shown to the outside world while
migration is going on and I'd imagine it would be a good practice; it
would allow us to sign something that allows everybody to verify, when
some participants of the project are not yet NewHash capable.

But the signing over SHA-1 contents has to stop at some point, when
everybody's Git becomes completely unaware of SHA-1.  We may want to
have a guideline in the transition plan to (1) encourage signing for
both for quite some time, and (2) the criteria for us to decide when
to stop.

Thanks.
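
A toy model of the signature handling discussed in the message above, added here as an illustration; it is not part of the original email and not Git's code. Assumptions: SHA-256 plays the role of NewHash, an HMAC stands in for the PGP signature that gpgv would check, and the object names, translation table and commit text are constructed.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"   # assumption: stands in for the signer's PGP key

def sign(content):
    # Assumption: HMAC stands in for a detached PGP signature (what gpgv checks).
    return hmac.new(KEY, content, hashlib.sha256).hexdigest()

def verify(content, sig):
    return hmac.compare_digest(sign(content), sig)

def names(label):
    # Constructed (SHA-1 name, NewHash name) pair; SHA-256 plays NewHash here.
    return (hashlib.sha1(label).hexdigest().encode(),
            hashlib.sha256(label).hexdigest().encode())

PAIRS = [names(b"demo tree"), names(b"demo parent")]
TO_NEW = dict(PAIRS)                        # SHA-1 name -> NewHash name
TO_SHA1 = {new: old for old, new in PAIRS}  # NewHash name -> SHA-1 name

def translate(content, table):
    """Rewrite the object names in tree/parent header lines via table."""
    head, sep, body = content.partition(b"\n\n")
    lines = []
    for line in head.split(b"\n"):
        key, _, value = line.partition(b" ")
        if key in (b"tree", b"parent"):
            value = table[value]
        lines.append(key + b" " + value)
    return b"\n".join(lines) + sep + body

def convert_legacy(sha1_content, sha1_sig):
    # Existing signed history: cannot be re-signed, keeps only the SHA-1 signature.
    return {"content": translate(sha1_content, TO_NEW),
            "sig_sha1": sha1_sig, "sig_new": None}

def create_dual_signed(new_content):
    # Newly created object: signed over both forms of its contents.
    return {"content": new_content, "sig_new": sign(new_content),
            "sig_sha1": sign(translate(new_content, TO_SHA1))}

def export_to_sha1(obj):
    # Drop the NewHash signature and derive the SHA-1 contents.
    return translate(obj["content"], TO_SHA1), obj["sig_sha1"]

def verify_sha1_signature(obj):
    # Local validation: convert back to SHA-1 contents, then check the signature.
    return verify(*export_to_sha1(obj))

SHA1_COMMIT = (b"tree " + PAIRS[0][0] + b"\nparent " + PAIRS[1][0]
               + b"\n\nconstructed commit message\n")
LEGACY = convert_legacy(SHA1_COMMIT, sign(SHA1_COMMIT))
NEW = create_dual_signed(LEGACY["content"])
```

Checking `LEGACY["sig_sha1"]` directly against the NewHash-form bytes fails, because the signed bytes contain the SHA-1 object names; it only verifies after translating back.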