Henrique de Moraes Holschuh <hmh <at> debian.org> writes: > I do think you misunderstood my point in the hash issue. My point is not > that a full hash will not collide. The point is that the full hash as seen > in a tree received from the upstream DVCS should not see colisions, because > the collision would have happened before the colliding object was visible to > anyone retrieving that tree (and abort the operation that was trying to add > the colliding object/corrupt the repository/whatever). > > There is no mathematical misunderstanding in that AFAIK (please explain if > there is one. By private mail, if necessary).
The main mathematical issue are the probabilities involved. The probability of getting a 160-bit hash collision by chance is infinitesimally small. In a repository with less than a billion separate hashed objects the probability of getting a match for just the first 80-bit half of the hash is less than one in a million. If software reported a full 160-bit hash match for an object (that was not specially constructed using some as-yet-unknown algorithm for producing hash collisions) you could immediately rule out the possibility of such a collision having actually happened - it'd be a software bug, a hardware error or a prank by someone. Thus it's ridiculous to claim that full hashes would be needed for uniqueness in any practical versioning use. And if you want to consider theoretical questions about what'd happen in a hash collision case then that'll really depend on implementation details of the DCVS. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/loom.20110428t215601-...@post.gmane.org
