| 1 |
On Sun, Jul 05, 2015 at 09:05:12PM -0400, Rich Freeman wrote: |
| 2 |
> All the gpg stuff really exposes the weakness of git being based on |
| 3 |
> sha1 though. I wouldn't think that it would be that hard to change |
| 4 |
> git's hash function, with the caveat that the resulting repositories |
| 5 |
> might not be backwards-compatible… |
| 6 |
|
| 7 |
If you want a Merkle DAG with flexible hashes, you may be interested |
| 8 |
in IPFS [1]. It doesn't have Git's source-control tooling yet, but it |
| 9 |
does a good job at passing around generic Merkle objects with |
| 10 |
self-identifying hashes [2]. That way you can make your hash as |
| 11 |
strong as you like, although you'll still have public-rebase style |
| 12 |
incompatibilities if you want to go back and republish an older part |
| 13 |
of the DAG with a stronger hash. |
| 14 |
|
| 15 |
Cheers, |
| 16 |
Trevor |
| 17 |
|
| 18 |
[1]: http://ipfs.io/ |
| 19 |
[2]: https://github.com/jbenet/multihash/ |
| 20 |
|
| 21 |
-- |
| 22 |
This email may be signed or encrypted with GnuPG (http://www.gnupg.org). |
| 23 |
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy |
Archives