Adam Majer wrote:
> On 5/3/23 01:46, Felipe Contreras wrote:
> > To be honest this whole approach seems to be completely flawed to me and
> > against the whole design of git in the first place.
>
> The discussion above is mostly moot now since this has been fixed in
> later patches in this thread, AFAIK.
That particular isssue might be fixed, but that issue should never have
happened in the first place if the design was correct.
A bad design makes certain errors prone to happen, a good design makes the same
errors happen rarely, a great design makes those errors impossible.
Git was designed to make it *impossible* to confuse two commits with similar
data.
The symptom might have been fixed, that doesn't mean there's no underlying
problem.
> It's also moot for other reasons, like the hash function transition plan is
> not really implemented, yet.
The implemention of the plan isn't the problem, it's the plan itself.
> Also, this was about corner-case, like it often is.
A corner-case that should be impossible.
> > In a recent email Linus Torvalds explained why object ids were
> > calculated based {type, size, data} [1], and he explained very clearly
> > that two objects with exactly the same data are not supposed to have the
> > same id if the type is different.
>
> This is different. But aside, type + size + data are not really much
> different from just having data in a hash function.
It's completely different.
> There are plenty of hash collisions where
>
> HASH(type + size + data) == HASH(type + size + data')
>
> by definition of how these functions work. The problem is always in
> finding these collisions. But anyway...
I don't think you understand why Linus Torvalds chose to hash objects.
> > In my view one repository should be able to have part SHA-1 history,
> > part SHA3-256 history, and part BLAKE2b history.
>
> Yes, that would be great. Please provide patch series for this :-)
I have hundreds of patches being ignored, why would I write yet another patch
series that will be ignored?
> > I have not been following the SHA-1 -> OID discussions, but I
> > distinctively recall Linus Torvalds mentioning that the choice of using
> > SHA-1 wasn't even for security purposes, it was to ensure integrity.
>
> These are different sides of the same coin. Hashes are used to provide
> integrity. Hashes like MD4, MD5, SHA1, SHA256 are there for integrity.
> Some of these are no longer recommended and some are completely broken.
There are different philosophical views of what "security" means, and it seems
pretty clear to me that your view does not align with the view of Linus
Torvalds.
> > Better the SHA-1 you know, than the SHA-256 you don't.
>
> Wrong conclusion ;) Also, we know SHA-256
You don't understand what is being said.
Which hash is more trustworthy?
a. 69c786637d7a7fe3b2b8f7d989af095f5f49c3a8
b. d891b12414e1d9331f8cbb15acfe690671974f27ba76e2b423294cfb7a055f2f
If you answer b just beacuse it's SHA-256 you don't understand security.
b is a random commit I generated, a is the current git.git master.
A SHA-1 hash from a source you trust is inifinitely more trustworthy than a
random SHA-256 hash. Even a known MD5 hash is better in this respect.
> Keep in mind -- hashes are there for object reference.
No. I don't think you understand why Linus Torvalds used hashes.
> If you have SHA1 repo, you can calculate a SHA256 or whatever hash for any
> type object.
I know it *can* be done, I understand how hash algorithms work, but just
because something *can* be done doesn't mean it *should*.
You *can* generate a SHA-1 of a blob's data, instead of a SHA-1 of a blob's
`type + size + data`, does that mean we should? No.
> Finally, let not have a "bike shed" discussion about this.
Discussing the original design of git's object storage which has withstood the
test of time for 18 years is not "bike sheding".
I don't even think you understand what I'm trying to say.
---
Why do you think these commands generate different hashes?
git hash-object -t blob /dev/null
git hash-object -t tree /dev/null
--
Felipe Contreras
