| 1 |
>>>>> On Sat, 20 Sep 2014, hasufell wrote: |
| 2 |
|
| 3 |
>> Have these plans been abandoned, and are we now planning to |
| 4 |
>> distribute the tree to users via Git, where everything goes through |
| 5 |
>> the bottleneck of a SHA-1 sum, which was never intended as a |
| 6 |
>> security feature? |
| 7 |
|
| 8 |
> This is a bug in git. Do you want us to wait until it is resolved? |
| 9 |
|
| 10 |
Not a bug. There are VCSs (like Subversion or Bazaar) that use simple |
| 11 |
revision numbers to identify their commits. Git happens to use a hash, |
| 12 |
which is perfectly fine as long as accidental collisions are unlikely. |
| 13 |
Neither has to do anything with security, though. |
| 14 |
|
| 15 |
Ulrich |
Archives