Re: Gitorious should use CRC128 / 256 / 512 instead of SHA-1

From: Junio C Hamano <gitster@pobox.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: Hans Petter Selasky <hps@selasky.org>, git@vger.kernel.org
Subject: Re: Gitorious should use CRC128 / 256 / 512 instead of SHA-1
Date: Sat, 14 Jan 2023 19:14:37 -0800	[thread overview]
Message-ID: <xmqqk01oij4y.fsf@gitster.g> (raw)
In-Reply-To: <Y8NB21PExmifhyeQ@tapette.crustytoothpaste.net> (brian m. carlson's message of "Sat, 14 Jan 2023 23:59:23 +0000")

"brian m. carlson" <sandals@crustytoothpaste.net> writes:

>> 3) Illicit contents may be present in binary blobs, which in the future may
>> be need to be removed without warrant and the only way to do that is by
>> rebasing and force pushing, which will break "everything". It can be
>> everything from child-porn to expired distribution licenses.
>
> This is a problem in every Merkle tree-like system.  Most repositories
> have some sort of code review or access control that prevents people
> from generally pushing inappropriate content.  For example, if somebody
> proposed to push any sort of pornography or other inappropriate content
> (e.g., a racist screed) to one of my repositories or one of my
> employer's, I'd refuse to approve or merge such a change, because
> that wouldn't be appropriate for the repository.
>
> I don't feel this is enough of a problem that using a Merkle tree-like
> construction is a bad idea, given the benefits it offers.

While I agree with the primary thrust of your argument, this one is
a bit tricky to reason about.  External rules change and can declare
what has been accepted as appropriate inappropriate on a whim, long
after you reviewed the material coming into your history and decided
it was perfectly fine, under the then-prevailing definition of what
is and isn't appropriate.