On Sun, Dec 13, 2020 at 01:05:38AM +0000, brian m. carlson wrote: > Note that this is not perfect, because a user can simply look up all the > hashed values and find out the old values. However, for projects which > wish to adopt the feature, it can be somewhat effective to hash all > existing mailmap entries and include some no-op entries from other > contributors as well, so as to make this process less convenient. I remain unconvinced of the value of any noop entries. Ultimately it's easy to invert a one-way hash that comes from a small known set of inputs. And that's true whether there are extra noops or not. The interesting argument IMHO is that somebody has to _bother_ to invert the hash. So it means that the old and new identities do not show up next to each other in a file indexed by search engines, etc. That drops the low-hanging fruit. And from that argument, I think the obvious question becomes: is it worth using a real one-way function, as opposed to just obscuring the raw bytes (which Ævar went into in more detail). I don't have a strong opinion either way (the obvious one in favor is that it's less expensive to do so; and something like "git log" will have to either compute a lot of these hashes, or cache the hash computations internally). I think somebody also mentioned that there's value in the social signaling here, and I agree with that. But that is true even for a reversible encoding, I think. -Peff
