new hash algorithim for git and maybe a goal for Bullseye ?
Dear all,
Please CC me if anybody feels like answering.
I was shared this [1] and while it's important, it is equally
important to point out that the work isn't complete atm. From what
little I know, almost all Debian's work is now using git (there may be
some subversion, some mercurial repos) but most of the work has now
been using gitlab/salsa [2] . While some of the comments suggest that
SHA-1 is fine for now one doesn't really know. From what little I can
make out, it seems a pretty disruptive change and may have gotchas
also for the reproducible builds project. [3]
Wanna know what people think about it and if there have been plans to
discuss the same. I did take a brief look at debian-project [4] to see
if somebody had approached them for the same as something like this
might be a huge change but saw no messages about it. I am sure people
have a view on the above, this being the security list if for nothing
else.
1. https://lwn.net/SubscriberLink/811068/cfeb6a67b8dfbe47/
2. salsa.debian.org
3. https://wiki.debian.org/ReproducibleBuilds
4. https://lists.debian.org/debian-security
--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
E493 D466 6D67 59F5 1FD0 930F 870E 9A5B 5869 609C
Reply to: