On Fri, Apr 22 2022, Junio C Hamano wrote: > Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes: > >> I wasn't able to find any on-list references to it being intentional, >> but it appears that while we made the sha1collisiondetection variant >> of SHA-1 the default in early 2017 we've never updated the OSX builds >> to do likewise. >> >> I don't know what various git packages for OSX to, but our vanilla OSX >> distribution definitely uses Apple Common Crypto, and won't detect the >> https://shattered.io attack. >> >> This series changes that, and while doing so in 2/5 updates our >> documentation and Makefile interface for the SHA-1 selection. Our >> INSTALL file was still claiming we used OpenSSL's SHA-1 by default. >> >> Then since we'd made sha1collisiondetection the default we hadn't >> changed the code's default fallback to be that, it was still >> block-sha1. Now our fallback behavior is "error" instead, which makes >> it less likely that we'll get some foot-gun like the "OSX not using >> sha1collisiondetection" again. >> >> The 4/5 and 5/5 then remove the PPC_SHA1 implementation. I submitted >> this before as [1], and the range-diff is to that submission (it >> wasn't picked up). I think it makes sense as part of this general >> SHA-1 cleanup. > > Thanks for this effort. > > I'd like to see somebody with "building Git for distributing to > macOS" background to comment (I am assuming that the mailing list > git-packagers@xxxxxxxxxxxxxxxx is the way to reach them). *Bump* in case anyone there would like to chime on this bit of OSX portability. I also sent an off-list E-Mail to Tim Harper today, and addresses which I gather (from some old git-security@ traffic) are involved in packaging the Apple Git shipped with OSX itself. In the meantime do you mind if this topic were queued up? If there are any lingering portability concerns getting it into CI and exposed to anyone else building on OSX would be a good thing. I don't see any reason for why we'd decide that OSX out of all our supported platforms should be the only one where we're not mitigating the SHAttered attack (and similar future attacks) by default. So aside from any finer details of OSX portability the direction here of building with sha1collisiondetection by default on OSX by default seems like a safe bet, just as we do on the rest of our (checks out config.mak.uname) 20+ supported platforms (per `uname -s`).
