1 |
On Sun, Jul 05, 2015 at 09:05:12PM -0400, Rich Freeman wrote: |
2 |
> All the gpg stuff really exposes the weakness of git being based on |
3 |
> sha1 though. I wouldn't think that it would be that hard to change |
4 |
> git's hash function, with the caveat that the resulting repositories |
5 |
> might not be backwards-compatible… |
6 |
|
7 |
If you want a Merkle DAG with flexible hashes, you may be interested |
8 |
in IPFS [1]. It doesn't have Git's source-control tooling yet, but it |
9 |
does a good job at passing around generic Merkle objects with |
10 |
self-identifying hashes [2]. That way you can make your hash as |
11 |
strong as you like, although you'll still have public-rebase style |
12 |
incompatibilities if you want to go back and republish an older part |
13 |
of the DAG with a stronger hash. |
14 |
|
15 |
Cheers, |
16 |
Trevor |
17 |
|
18 |
[1]: http://ipfs.io/ |
19 |
[2]: https://github.com/jbenet/multihash/ |
20 |
|
21 |
-- |
22 |
This email may be signed or encrypted with GnuPG (http://www.gnupg.org). |
23 |
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy |