>>>>> On Wed, 17 Sep 2014, Aaron W. Swenson wrote:

> My argument is Git using SHA-1 for checksumming is not the weakest
> part of our security model.

I had always assumed that robbat2's series of GLEPs (57 to 61) would
be implemented at some point. So security from the developer to the
master repository would be ensured by using a secure channel for
commits, and distribution from the repository to users would use
secure hashes (SHA-256 or better) and gpg signatures.

I didn't see any mention of this in the discussion, though. Have these
plans been abandoned, and are we now planning to distribute the tree
to users via Git, where everything goes through the bottleneck of a
SHA-1 sum, which was never intended as a security feature? [1]

If this is so, why don't we abandon all those fancy SHA-512s and
WHIRLPOOLs in our Manifest files, and replace them by a single SHA-1?
Altogether, this would save about 50 MB of space in the tree. :)

Ulrich


[1] Tech Talk: Linus Torvalds on git: "[...] the point is the SHA-1,
as far as Git is concerned, isn't even a security feature. It's purely
a consistency check. [...] It has nothing at all to do with security,
it's just the best hash you can get."
https://www.youtube.com/watch?v=4XpnKHJAok8&t=56m20s
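The two mechanisms contrasted above, as an added example that is not part of the original thread: Git's object id is a SHA-1 over a `blob <size>\0` header plus the content (a consistency check, exactly as the Torvalds quote says), while a Manifest line carries the file size and one digest per named algorithm. The Manifest layout (`EBUILD name size ALGO hex ...`) is assumed from the Gentoo Manifest2 format; WHIRLPOOL is left out because Python's hashlib only exposes it when the underlying OpenSSL does.

```python
import hashlib


def git_blob_id(content: bytes) -> str:
    """Git object id of a blob: SHA-1 over the header 'blob <size>\\0' + content.

    This is what Git uses for content addressing; it is a consistency check,
    not a security boundary, which is the point the thread is making.
    """
    header = b"blob %d\0" % len(content)
    return hashlib.sha1(header + content).hexdigest()


def manifest_entry(kind: str, name: str, content: bytes,
                   algos=("SHA256", "SHA512")) -> str:
    """Build a Manifest2-style line: '<KIND> <name> <size> <ALGO> <hex> ...'.

    Assumed layout, modelled on Gentoo's Manifest files; only algorithms
    guaranteed by hashlib are used here.
    """
    fields = [kind, name, str(len(content))]
    for algo in algos:
        fields += [algo, hashlib.new(algo.lower(), content).hexdigest()]
    return " ".join(fields)


def verify_manifest_entry(line: str, content: bytes) -> bool:
    """Check content against a Manifest line.

    Fails if the size differs, if any verifiable digest mismatches, or if no
    digest could be checked at all (an unknown algorithm alone must not pass).
    """
    fields = line.split()
    if len(fields) < 5 or (len(fields) - 3) % 2:
        return False
    if int(fields[2]) != len(content):
        return False
    checked = 0
    for algo, digest in zip(fields[3::2], fields[4::2]):
        try:
            actual = hashlib.new(algo.lower(), content).hexdigest()
        except ValueError:  # e.g. WHIRLPOOL on a build without it: skip
            continue
        if actual != digest.lower():
            return False
        checked += 1
    return checked > 0
```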
