"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > On 2023-06-29 at 05:59:11, Junio C Hamano wrote: >> Adam Majer <adamm@xxxxxxxxxxx> writes: >> >> > Is sha256 still considered experimental or can it be assumed to be stable? >> >> I do not think we would officially label SHA-256 support as "stable" >> until we have good interoperability with SHA-1 repositories, but the >> expectation is that we will make reasonable effort to keep migration >> path for the current SHA-256 repositories, even if it turns out that >> its on-disk format need to be updated, to keep the end-user data safe. > > I don't think that's a good position to have. > We desperately do want people to move away from SHA-1 to SHA-256, and as > soon as there's tooling and forges to do so, we should encourage them to > do so. I agree that it is good to ensure that SHA-256 support is good enough to start new projects with. > Just because people can't interop existing SHA-1 repositories > doesn't mean people can't or shouldn't build new SHA-256 repositories. True, and our messaging should avoid scaring them away from doing so. But isn't the lack of interoperability one of the reasons why GitHub and Gitlab do not yet offer choice of the hash? There certainly is a chicken-and-egg problem here.
