On 7/7/24 21:53, Russ Allbery wrote:
> Adam Majer <adamm@zombino.com> writes:
>
>> IFF moving to SHA256 repos is impossible because no one cares to fix it, then at the very least these tags must use additional hashing for purposes of tree verification.
>
> I consider it an ethical obligation as someone who works in security to object whenever people make these types of absolute statements about security properties. Security is almost always a trade-off. You can usually get more security by trading off functionality, up to the obvious end point of securing a computer by turning it off. The best point to occupy on that trade-off curve is a hard question that always involves more factors than only security.

It was not an absolute statement, but simply a consequence where I tend to trust NIST recommendation over handwaving arguments. This is especially true since I'm no cryptographer and have to rely on other experts for these recommendations.
Furthermore, did you read what was written in the Bitcoin repo link? It's simply adding a hash to the signed tag. Since this proposal here for push-to-upload is to use a script to generate the tag anyway, adding an additional hash to the message is kind of a "no-brainer" --- it doesn't cost anything!
Anyway, I've been forwarded this commit in git upstream recently.

https://github.com/git/git/commit/6ccf041d1d73d69d05118f739c80f83c86caf0d6

Best,
- Adam
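
The idea of adding a hash to the signed tag message, as an added example that is not part of the original message nor code from the push-to-upload tooling or the Bitcoin repository: a SHA-256 digest of the tree is appended to the tag message before signing, so the signature covers it independently of the SHA-1 object id. The trailer name `Tree-SHA256`, the serialisation format and the sample tree are assumptions made for illustration.

```python
import hashlib
import hmac

TRAILER = "Tree-SHA256"  # assumed trailer name, not taken from the thread

def tree_digest(entries):
    """SHA-256 over (mode, path, blob bytes) tuples, independent of input order."""
    h = hashlib.sha256()
    for mode, path, blob in sorted(entries, key=lambda e: e[1].encode()):
        # Length-prefix each field so distinct trees never serialise identically.
        for field in (mode.encode(), path.encode(), blob):
            h.update(len(field).to_bytes(8, "big"))
            h.update(field)
    return h.hexdigest()

def add_trailer(message, entries):
    """Append the digest to the tag message before it is signed."""
    return f"{message.rstrip()}\n\n{TRAILER}: {tree_digest(entries)}\n"

def verify_trailer(message, entries):
    """True only if exactly one trailer is present and it matches the tree."""
    prefix = TRAILER + ":"
    found = [line[len(prefix):].strip() for line in message.splitlines()
             if line.startswith(prefix)]
    return len(found) == 1 and hmac.compare_digest(found[0], tree_digest(entries))

# Constructed sample tree standing in for `git ls-tree -r` output plus blob data.
SAMPLE_TREE = [
    ("100644", "debian/changelog", b"pkg (1.0-1) unstable; urgency=medium\n"),
    ("100755", "debian/rules", b"#!/usr/bin/make -f\n%:\n\tdh $@\n"),
]

if __name__ == "__main__":
    msg = add_trailer("pkg Debian release 1.0-1", SAMPLE_TREE)
    print(msg)
    print("verifies:", verify_trailer(msg, SAMPLE_TREE))
```

The verifier recomputes the digest from the checked-out tree after the tag signature itself has been validated; a missing or duplicated trailer is treated as a failure.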