From: Nicolas Pitre <nico@cam.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Michael Hendricks <michael@ndrix.org>, git@vger.kernel.org
Subject: Re: removing content from git history
Date: Wed, 21 Feb 2007 13:39:24 -0500 (EST) [thread overview]
Message-ID: <alpine.LRH.0.82.0702211321040.31945@xanadu.home> (raw)
In-Reply-To: <Pine.LNX.4.64.0702211009520.4043@woody.linux-foundation.org>
On Wed, 21 Feb 2007, Linus Torvalds wrote:
>
>
> On Wed, 21 Feb 2007, Nicolas Pitre wrote:
> So supermodules might be a way to solve it in a better (and safer - the
> "remove objects from the public tree" thing is very error prone, since if
> you *ever* expose the object by mistake, its now public) way. But I don't
> think the "filter out objects" thing is necessarily fundamentally flawed
> as an approach.
Well if you really wanted to do such a thing then you could use a new
object type that only serves as a stub pretending to be another object
which SHA1 would have been xyz. When referenced this object would
generate a warning indicating to the user that given object has been
excised out, but otherwise the whole reachability validation would still
work as usual.
And since this object would be distributed through standard mechanisms
then there would be no need for protocol extensions.
I don't know if this could help creating SHA1 collisions though. We've
dismissed them as highly improbable because the likelihood of a
collision to hide compromised material would most probably require a
binary blob somewhere to balance the hash and would hardly be
compilable/undetected. But with object stubs with the ability to
pretend having any possible SHA1 is in fact a nice way to hide 20-byte
binary blobs in the hash chain possibly making it "easier" to create
"useful" collisions. This is where I see a weakening of the trust
model.
Nicolas
next prev parent reply other threads:[~2007-02-21 18:39 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-21 16:45 removing content from git history Michael Hendricks
2007-02-21 16:56 ` Shawn O. Pearce
2007-02-21 17:17 ` J. Bruce Fields
2007-02-21 18:02 ` Linus Torvalds
2007-02-21 18:24 ` Linus Torvalds
2007-02-21 21:00 ` Shawn O. Pearce
2007-02-21 21:11 ` Linus Torvalds
2007-02-21 21:21 ` Shawn O. Pearce
2007-10-09 20:58 ` Bill Lear
2007-10-09 21:02 ` J. Bruce Fields
2007-10-09 22:25 ` Bill Lear
2007-10-10 14:41 ` Johannes Schindelin
2007-02-21 17:14 ` Linus Torvalds
2007-02-21 18:02 ` Nicolas Pitre
2007-02-21 18:13 ` Linus Torvalds
2007-02-21 18:39 ` Nicolas Pitre [this message]
2007-02-21 18:30 ` Michael Hendricks
2007-02-21 18:37 ` Shawn O. Pearce
2007-02-21 18:47 ` Linus Torvalds
2007-02-21 18:56 ` Linus Torvalds
2007-02-21 18:52 ` Nicolas Pitre
2007-02-21 19:01 ` Junio C Hamano
2007-02-21 19:33 ` Nicolas Pitre
2007-02-21 20:22 ` Junio C Hamano
2007-02-21 20:49 ` Nicolas Pitre
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LRH.0.82.0702211321040.31945@xanadu.home \
--to=nico@cam.org \
--cc=git@vger.kernel.org \
--cc=michael@ndrix.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.