On Tue, May 21, 2019 at 1:06 AM Paul Hammant <p...@hammant.org> wrote:
> The Git folks moved to a hardened SHA1 function as an interim measure > on the way to SHA-256 - > > https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt > > I think you're generally right. While I might think that an auditor > would simply be advised of the root hash for a Merkle tree that for a > branch at a moment in time, or a tag, Subversion doesn't have a a > Merkle tree under the hood. I coded something niche to retrofit > Subversion with that, but it's not core and far from perfect as it > relies on an LRU cache and keeps no history itself. Git's merkle tree > would be perfect if it didn't blow up when repos get too big, and if > allowed clone from nodes other than root (branches and tags are in > respect of root of course). So, ignore me here Why a merkle tree? One of Subversion's strengths is its linear revision history. You could use blockchain and get financial strength audit ability.
