Sorry if I'm dropping in at the wrong point (this is one I'd bookmarked)..
From: "Duy Nguyen" <pclo...@gmail.com>
Sent: Wednesday, July 20, 2016 3:44 PM
On Wed, Jul 20, 2016 at 2:28 PM, Johannes Schindelin
<johannes.schinde...@gmx.de> wrote:
But that strategy *still* ignores the distributed nature of Git. Just
because *you* make that merge at a certain point does not necessarily
mean
that I make it at that point, too.
Any approach that tries to have one single point of conversion will most
likely fall short of a solution.
OK I see the difference in our views now. To me an sha256 repo would
see an sha1 repo as a _foreign_ DVCS, pretty much like git sees
mercurial now. So a transition from sha1 to sha256 is not that
different from cvs -> svn -> a dvcs bubble -> git.
I think that within Git, that it is possible to have inter-workability (for
those parts that negotiate) between instances with different views about the
availability of two hash types. Fetch/push negotiation is a normal part of
working with a remote.
To be honest, I am less concerned about the GPG-signed commits (after
all,
after switching to a more secure hash algorithm, a maintainer could
cross-sign all signed commits, or only the branch tips or tags, as new
tags, to reinstitute trust).
I am much more concerned about references to commits, both inside and
outside the repository. That is, if I read anywhere on the internet about
Git having added support for `git add --chmod=+x <file>` in 4e55ed3 (add:
add --chmod=+x / --chmod=-x options, 2016-05-31), I want to find that
commit by that reference.
And I am of course concerned what should happen if a user wants to fetch
from, or push to, a SHA-1-hashed remote repository into, or from, a
SHA-256-hashed local one.
to follow the above, in my view, interaction with sha1 repos go
through some conversion bridges like what we have with hg and svn. I
don't know if we are going this route. It's certainly simpler and
people already have experiences (from previous migration) to prepare
for it.
--
The main thought was that rather than worrying about which advanced hash to
pick (with all the arguments that entails), rather it is worth reducing the
problem space to create a 'toy problem', to look at the interaction issues.
For the toy problem view we'd keep the current oid length (so that the
transmission formats don't change size), however we swap the old-new to make
sha1 the new hash and use an older shorter hash (e.g. md5) to investigate
the transition from a short to long hash.
Keeping it as a 'toy problem' avoids folks having too much invested in the
new hash choice, rather the interworking can be more easily sorted, and some
issue can be punted on (e.g. the choice of salt to extend the md5 to the
sha1, and collisions therein).
--
Philip
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
