| 1 |
You're following the wrong train down the wrong tracks. Git [0-9a-f]{40} is |
| 2 |
to CVS 1[.][1-9][0-9]+. You're arguing that CVS is more secure because its |
| 3 |
commits are sequential numbers. |
| 4 |
|
| 5 |
On Sat, Sep 20, 2014 at 4:20 PM, Ulrich Mueller <ulm@g.o> wrote: |
| 6 |
|
| 7 |
> >>>>> On Sat, 20 Sep 2014, hasufell wrote: |
| 8 |
> |
| 9 |
> >>> This is a bug in git. Do you want us to wait until it is resolved? |
| 10 |
> >> |
| 11 |
> >> Not a bug. There are VCSs (like Subversion or Bazaar) that use simple |
| 12 |
> >> revision numbers to identify their commits. Git happens to use a hash, |
| 13 |
> >> which is perfectly fine as long as accidental collisions are unlikely. |
| 14 |
> >> Neither has to do anything with security, though. |
| 15 |
> |
| 16 |
> > Because there are other VCSs it is not a bug?? |
| 17 |
> |
| 18 |
> No, but with any other VCS we wouldn't have this discussion. Git using |
| 19 |
> SHA-1 obscures the fact that an additional security layer is needed. |
| 20 |
> This can be either a secure channel for accessing the repository |
| 21 |
> (developers pushing their commits to it), or signed Manifests that |
| 22 |
> ensure integrity of the tree distributed to users. |
| 23 |
> |
| 24 |
> > Of course it is a bug since it is in the gpg-signing chain and to |
| 25 |
> > use it in a practical way is very unlikely. |
| 26 |
> |
| 27 |
> > So you are suggesting to not migrate at all or severely break the |
| 28 |
> > workflow because someone might forge _working code_ with a specific |
| 29 |
> > SHA1? There is no efficient algorithm for that afaik, those are just |
| 30 |
> > about finding _any_ collision and even then it takes considerable |
| 31 |
> > resources that can be used to break gentoo in much easier ways. |
| 32 |
> |
| 33 |
> Weakness of SHA-1 is discussed since several years, and it is |
| 34 |
> generally recommended that one should slowly move away from it. |
| 35 |
> Therefore I would find it strange if we (in 2014!) deployed a system |
| 36 |
> relying on it, while in our present Manifest files SHA-1 was already |
| 37 |
> abandoned long time ago, in favour of more secure hashes. It looks |
| 38 |
> like a move in the wrong direction. |
| 39 |
> |
| 40 |
> Ulrich |
| 41 |
> |
Archives