On Thu, Nov 03, 2011 at 12:09:55PM -0700, Linus Torvalds wrote: > I personally dislike it, and don't really think it's a wonderful thing > at all. I really does have real downsides: > > - internal signatures really *are* a disaster for maintenance. You > can never fix them if they need fixing (and "need fixing" may well be > "you want to re-sign things after a repository format change") Note that a repository format change will break a bunch of other things as well, including references in commit descriptions ("This fixes a regression introduced in commit 42DEADBEEF") So if SHA-1 is in danger of failing in way that would threaten git's use of it (highly unlikely), we'd probably be well advised to find a way to add a new crypto checksum (i.e., SHA-256) in parallel, but keep the original SHA-1 checksum for UI purposes. > - they are ugly as heck, and you really don't want to see them in > 99.999% of all cases. So we can make them be hidden from "git log" and "gik" by default. That bit is a bit gross, I agree, but 3rd party verification really is a good thing, which I'm hoping can be added in a relatively clean fashion. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ide" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html