From: Hans Petter Selasky <hps@selasky.org>
To: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Cc: rsbecker@nexbridge.com, git@vger.kernel.org
Subject: Re: Gitorious should use CRC128 / 256 / 512 instead of SHA-1
Date: Fri, 13 Jan 2023 17:44:03 +0100 [thread overview]
Message-ID: <7a51b925-cb0a-4b48-fc14-171006f73298@selasky.org> (raw)
In-Reply-To: <20230113163619.4ab5oyqyjrthxrwv@meerkat.local>
On 1/13/23 17:36, Konstantin Ryabitsev wrote:
> I'm not sure what you mean here, but git is certainly not zero-trust. When you
> clone linux.git from git.kernel.org, you're very much trusting that:
>
> - I (or members of my team) didn't mess with the repository
> - Linus (or someone who hacked his laptop) didn't mess with the repository
>
> Git is tamper-evident, not tamper-proof, so by definition it cannot be
> zero-trust.
Hi,
By using a cryptographic hash algorithm, the goal is to avoid tampering
you say, like tampering on the internet, ISP, cache node and so on. To
me that's clearly a zero-trust thought. You don't trust the guy(s) that
put down the infrastructure, neither those that provide that local cache
for the GIT repository, only the master repository. SHA-1 gives a
certain confidence, that if you checkout XXXXXXX, then you get a likely
expected result with reduced possibility of tampering.
Anyone could intercept a CRC protected blob and re-compute the hash and
send it on. But not a SHA-1 one.
I on the other hand trust the guys that put down the internet and are
providing the cache nodes for GIT.
It's two different world views.
--HPS
next prev parent reply other threads:[~2023-01-13 16:46 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-13 12:59 Gitorious should use CRC128 / 256 / 512 instead of SHA-1 Hans Petter Selasky
2023-01-13 13:30 ` Konstantin Khomoutov
2023-01-13 13:39 ` Hans Petter Selasky
2023-01-13 14:21 ` rsbecker
2023-01-13 14:42 ` Hans Petter Selasky
2023-01-13 15:45 ` Konstantin Ryabitsev
2023-01-13 15:50 ` Hans Petter Selasky
2023-01-13 15:56 ` rsbecker
2023-01-13 16:02 ` Hans Petter Selasky
2023-01-13 15:54 ` Hans Petter Selasky
2023-01-13 16:02 ` Konstantin Ryabitsev
2023-01-13 16:06 ` Hans Petter Selasky
2023-01-13 16:18 ` Hans Petter Selasky
2023-01-13 16:36 ` Konstantin Ryabitsev
2023-01-13 16:44 ` Hans Petter Selasky [this message]
2023-01-13 16:49 ` Konstantin Ryabitsev
2023-01-13 16:51 ` Hans Petter Selasky
2023-01-13 16:27 ` Konstantin Ryabitsev
2023-01-13 16:30 ` Hans Petter Selasky
2023-01-13 16:35 ` Hans Petter Selasky
2023-01-13 16:41 ` Konstantin Ryabitsev
2023-01-13 16:45 ` Hans Petter Selasky
2023-01-13 15:15 ` Hans Petter Selasky
2023-01-13 17:44 ` Philip Oakley
2023-01-13 15:30 ` Konstantin Khomoutov
2023-01-13 15:39 ` Konstantin Ryabitsev
2023-01-13 13:23 Hans Petter Selasky
2023-01-14 23:59 ` brian m. carlson
2023-01-15 3:14 ` Junio C Hamano
2023-01-15 10:09 ` demerphq
2023-01-16 7:21 ` Hans Petter Selasky
2023-01-16 7:23 ` Hans Petter Selasky
2023-01-16 12:34 ` rsbecker
2023-01-16 14:01 ` Hans Petter Selasky
2023-01-16 15:06 ` Junio C Hamano
2023-01-15 13:53 ` Michal Suchánek
2023-01-16 7:17 ` Hans Petter Selasky
2023-01-16 9:13 ` Michal Suchánek
2023-01-16 9:55 ` Hans Petter Selasky
2023-01-16 12:31 ` rsbecker
2023-01-16 14:10 ` Hans Petter Selasky
2023-01-16 19:08 ` Michal Suchánek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7a51b925-cb0a-4b48-fc14-171006f73298@selasky.org \
--to=hps@selasky.org \
--cc=git@vger.kernel.org \
--cc=konstantin@linuxfoundation.org \
--cc=rsbecker@nexbridge.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).