On Wed, Oct 15, 2014 at 11:47:07PM +0100, Ian Jackson wrote:
> Joey Hess writes ("Bug#765512: general: distrust old crypto algos and protocols perdefault"):
> > Instead, it makes sense to adapt workflows that do not trust git hashes,
> > which mostly means making signed tags and commits, and checking the
> > signatures. This is something Debian could improve in many areas, I'm
> > sure.
>
> The whole git content-addressable-object-store model relies utterly on
> the hashes. A signed tag is a (weirdly formatted) GPG-signed text
> file (the tag) containing the sha1 hash of a text file (the commit)
> containing the sha1 hash of a binary file (the tree object) containing
> the sha1 hasshes of the actual files at the top level and of further
> binary files (tree objects) containing further sha1 hashes of further
> files and further tree objects. All of these hashes are translated
> into their preimiages by looking them up in the object store.
I've expressed interest in the past for changing the hash algorithm in
Git, but the work to do so is significant. It basically means
converting every place that has a hardcoded "unsigned char[20]" and
moving it to a struct (later, a union) that can be treated more or less
opaquely.
If someone is interested in working with me on this, please let me know
off-list, and I can provide more information about this.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature