On 1/13/23 14:30, Konstantin Khomoutov wrote:
On Fri, Jan 13, 2023 at 01:59:44PM +0100, Hans Petter Selasky wrote:
Currently GIT only supports cryptographic hashes for its commit tags.
[...]
https://github.com/git/git/blob/9bf691b78cf906751e65d65ba0c6ffdcd9a5a12c/Documentation/technical/hash-function-transition.txt
It's not clear why are you referring to Gitorious in your mail's subject and
then talk about Git.
Hi,
I thought that Git was short for Gitorious? My bad.
The document you refer to really highlights my concerns, that a strong
cryptographic hash algorithm is the highway to hell.
Do _not_ use a cryptographic hash for Git. Use plain good old CRC hashes.
Just imagine the consequences of finding child porn inside a 10-year old
firmware binary blob in the Linux kernel. Will you just ignore it, or
will you fix it?
That's why I say, that it must be possible to forge the hashes by default.
--HPS
