On 2023-06-29 at 05:59:11, Junio C Hamano wrote: > Adam Majer <adamm@xxxxxxxxxxx> writes: > > > Is sha256 still considered experimental or can it be assumed to be stable? > > I do not think we would officially label SHA-256 support as "stable" > until we have good interoperability with SHA-1 repositories, but the > expectation is that we will make reasonable effort to keep migration > path for the current SHA-256 repositories, even if it turns out that > its on-disk format need to be updated, to keep the end-user data safe. I don't think that's a good position to have. I'm not working on interop more than incidentally at the moment, and to my knowledge, nobody else is, either. Absent me having substantially more free time or having my employer pay me to work on it, it is probably not happening. We desperately do want people to move away from SHA-1 to SHA-256, and as soon as there's tooling and forges to do so, we should encourage them to do so. Just because people can't interop existing SHA-1 repositories doesn't mean people can't or shouldn't build new SHA-256 repositories. -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
