archive mirror
 help / color / mirror / Atom feed
From: "Ævar Arnfjörð Bjarmason" <>
To: "brian m. carlson" <>
Subject: Is the sha256 object format experimental or not?
Date: Mon, 10 May 2021 14:22:00 +0200	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On Sun, May 09 2021, brian m. carlson wrote:

> [[PGP Signed Part:Undecided]]
> On 2021-05-08 at 02:22:25, wrote:
>> Hi Everybody,
>> I was reading through the
>> Documentation/technical/hash-function-transition.txt doc and realized
>> that the plan is to support allowing BOTH SHA1 and SHA256 signatures to
>> exist in a single object:
>> > Signed Commits
>> > 1. using SHA-1 only, as in existing signed commit objects
>> > 2. using both SHA-1 and SHA-256, by using both gpgsig-sha256 and gpgsig
>> >   fields.
>> > 3. using only SHA-256, by only using the gpgsig-sha256 field.
>> > 
>> > Signed Tags
>> > 1. using SHA-1 only, as in existing signed tag objects
>> > 2. using both SHA-1 and SHA-256, by using gpgsig-sha256 and an in-body
>> >   signature.
>> > 3. using only SHA-256, by only using the gpgsig-sha256 field.
> Yes, this is the case.  We have tests for this case.
>> The design that I'm working on only supports a single signature that
>> uses a combination of fields: one 'signtype', zero or more 'signoption'
>> and one 'sign' in objects. I am thinking that the best thing to do is
>> replace the gpgsig-sha256 fields in objects and allow old gpgsig (commits)
>> and in-body (tags) signatures to co-exist along side to give the same
>> functionality.
> You can't do that.  SHA-256 repositories already exist and that would
> break compatibility.

From memory this is at least the second time you've brought up this
point on-list.

My feeling is that almost nobody's using sha256 currently, and we have a
very prominent ALL CAPS warning saying the format is experimental and
may change, see ff233d8dda1 (Documentation: mark
`--object-format=sha256` as experimental, 2020-08-16).

I agree with the docs as they stand, and don't think we should hold back
on changing the object format for sha256 in general if there's a
compelling reason to do so.

Whether this suggested change has a compelling reason is another matter
(I haven't reviewed it).

But it seems to me that if the main person pushing the sha256 effort
disagrees with the content of
Documentation/object-format-disclaimer.txt, we'd be better off at this
point discussing a patch to change the wording there to something to the
effect that we consider the format set in stone at this point.

  reply	other threads:[~2021-05-10 12:52 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-08  2:22 Preserving the ability to have both SHA1 and SHA256 signatures dwh
2021-05-08  6:39 ` Christian Couder
2021-05-08  6:56   ` Junio C Hamano
2021-05-08  8:03     ` Felipe Contreras
2021-05-08 10:11       ` Stefan Moch
2021-05-08 11:12         ` Junio C Hamano
2021-05-09  0:19 ` brian m. carlson
2021-05-10 12:22   ` Ævar Arnfjörð Bjarmason [this message]
2021-05-10 22:42     ` Is the sha256 object format experimental or not? brian m. carlson
2021-05-13 20:29       ` dwh
2021-05-13 20:49         ` Konstantin Ryabitsev
2021-05-13 23:47           ` dwh
2021-05-14 13:45             ` Konstantin Ryabitsev
2021-05-14 17:39               ` dwh
2021-05-13 21:03         ` Junio C Hamano
2021-05-13 23:26           ` dwh
2021-05-14  8:49           ` Ævar Arnfjörð Bjarmason
2021-05-14 18:10             ` dwh
2021-05-18  5:32         ` Jonathan Nieder

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).