Handover, Make

2005-07-27 Thread Brian O'Mahoney 
First, congratulations Junio, on taking over this stuff, and all the best.

Second, the killer argument, in the 'Recursive Make ... harmful' is the
basic one that Recursive Makes breaks up the dependancy graph, and
almost guarentees that it is wrong unless you do a lot of work to fix
that artifact. Now git is small enough that make clean; make won't take
too long but git is also a basis for other layers, so there is good
reason to try to get it right.

-- 
mit freundlichen Grüßen, Brian.

-
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: SHA1 hash safety

2005-04-16 Thread Brian O'Mahoney 
Three points:
(1) I _have_ seen real-life collisions with MD5, in the context of
Document management systems containing ~10^6 ms-WORD documents.
(2) The HMAC (ethernet-harware-address) of any interface _should_
help to make a unique Id.
(3) While I havn't looked at the details of the plumbing, this is
the time to make sure we can, easily, drop in SHA-160, SHA-256
(or whatever comes from NIST) when needed.


David Lang wrote:
 On Sat, 16 Apr 2005, Ingo Molnar wrote:
 
 * David Lang [EMAIL PROTECTED] wrote:

 this issue was raised a few days ago in the context of someone
 tampering with the files and it was decided that the extra checks were
 good enough to prevent this (at least for now), but what about
 accidental collisions?

 if I am understanding things right the objects get saved in the
 filesystem in filenames that are the SHA1 hash. of two legitimate
 files have the same hash I don't see any way for both of them to
 exist.

 yes the risk of any two files having the same has is low, but in the
 earlier thread someone chimed in and said that they had two files on
 their system that had the same hash..


 you can add -DCOLLISION_CHECK to Makefile:CFLAGS to turn on collision
 checking (disabled currently). If there indeed exist two files that have
 different content but the same hash, could someone send those two files?
 
 
 remember that the flap over SHA1 being 'broken' a couple weeks ago was
 not from researchers finding multiple files with the same hash, but
 finding that it was more likly then expected that files would have the
 same hash.
 
 there was qa discussion on LKML within the last year about useing MD5
 hashes for identifying unique filesystem blocks (with the idea of being
 able to merge identical blocks) and in that discussion it was pointed
 out that collisions are a known real-life issue.
 
 so if collision detection is turned on in git, does that make it error
 out if it runs into a second file with the same hash, or does it do
 something else?
 
 David Lang
 

-- 
Brian
-
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: fix mktemp (remove mktemp ;)

2005-04-16 Thread Brian O'Mahoney 
No, you have to:
(a) create a unique, pid specific file name /var/tmp/myapp.$$.xyzzy
(b) create it in O_EXCL mode, so you wont smash another's held lock

(b-1) It worked, OK

(b-2) open failed, try ...xyzzz

repeat until (b-1)

There are thousands of examples of how to do this with bash.

Paul Jackson wrote:
 Dave wrote:
 
mktemp is being used here to provide randomness in the filename,
not just a uniqueness.
 
 
 Ok - useful point.
 
 How about:
 
   t=${TMPDIR:-/usr/tmp}/gitdiff.$$.$RANDOM
 
 
all an attacker has to do is create 65535 symlinks in /usr/tmp

the point of the xyzzy seed is to make creating all possible files
in-feasable.

 
 
 And how about if I removed the tmp files at the top:
 
   t=${TMPDIR:-/usr/tmp}/gitdiff.$$.$RANDOM
   trap 'rm -fr $t.?; trap 0; exit 0' 0 1 2 3 15
   rm -fr $t.?
 
   ... rest of script ...
 
 How close does that come to providing the same level of safety, while
 remaining portable over a wider range of systems, and not requiring that
 a separate command be forked?
 
 
I'd suggest fixing your distributions ...
 
 
 It's not just my distro; it's the distros of all git users.
 
 If apps can avoid depending on inessential details of their
 environment, that's friendlier to all concerned.
 
 And actually my distro is fine - it's just that I am running an old
 version of it on one of my systems.  Newer versions of the mktemp -t
 option.
 

-- 
mit freundlichen Grüßen, Brian.

Dr. Brian O'Mahoney
Mobile +41 (0)79 334 8035 Email: [EMAIL PROTECTED]
Bleicherstrasse 25, CH-8953 Dietikon, Switzerland
PGP Key fingerprint = 33 41 A2 DE 35 7C CE 5D  F5 14 39 C9 6D 38 56 D5
-
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html