[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: On raw strings in <origin> commit field
|
From: |
Liliana Marie Prikler |
|
Subject: |
Re: On raw strings in <origin> commit field |
|
Date: |
Tue, 04 Jan 2022 06:23:23 +0100 |
|
User-agent: |
Evolution 3.42.1 |
Hi simon,
Am Dienstag, dem 04.01.2022 um 00:00 +0100 schrieb zimoun:
> [...]
>
> You are saying what I predicted you will say :-) ; here I quote
> myself:
>
> The statement «Git commit hashes do not just depend on the
> content» is wrong. [...]
>
> Sorry, I used meta-content instead of “content content”. :-) In all
> cases, that is part of the content that is hashed. Well, maybe I
> appears picky but I feel there is a fundamental misunderstanding
> somewhere. :-)
>
> [...]
> $ echo hello > hello.txt
>
> $ cat hello.txt | git hash-object --stdin
> ce013625030ba8dba906f756967f9e9ca394464a
>
> $ guix hash -S git -H sha1 -f hex hello.txt
> ce013625030ba8dba906f756967f9e9ca394464a
>
> Or using the default format and hash function, comparing Git and Nar
> serializers:
>
> $ guix hash -S nar hello.txt
> 04zwf782yjwnh3q6hz5izfd6jyip8kgw6g6yj43fiqhbyhdd0dqw
>
> $ guix hash -S git hello.txt
> 1d7bp5nmgpi5j1ikglw3l7ry7dzczlhp8wl79arl75g2kqyxiy1c
>
> The content can be one file, some files, folders, etc. or Git
> objects as Git commit object or Git tree object or whatever.
> Therefore, Git commit hash only depends on the content itself, i.e.,
> Git commit object; as explained by the pointer provided earlier in
> the thread,
>
> <https://git-scm.com/book/en/v2/Git-Internals-Git-Objects>
At some point in there (you can figure out yourself where), you are
mistakenly equating file hashes and commit hashes, which you make
comparison to other tools which only regard the files as content. One
of them is immutable for all I know, the other is subject to very
observable changes.
> Last, identifier is different from integrity checksum. Especially,
> if a collision is possible, then it invalidates the integrity
> checksum. A collision for an identifier does not matter so much
> security-wise, because it just implies that the lookup is not unique
> or that one content is unreachable. Well, collision is for sure an
> issue and can break the content-address system, even can lead to
> security troubles for extreme cases, but also for sure, it does not
> change the relation between Git commit hash and content.
"Lookup is not unique" is exactly the problem we have for robustness
with tags, however.
> Therefore, from my side, I consider it as a final word.
Fair enough, we can agree on the conclusion even if reached by
different methods.
Cheers
- Re: On raw strings in <origin> commit field, (continued)
- Re: On raw strings in <origin> commit field, zimoun, 2022/01/02
- Re: On raw strings in <origin> commit field, Liliana Marie Prikler, 2022/01/02
- Re: On raw strings in <origin> commit field, zimoun, 2022/01/03
- Re: On raw strings in <origin> commit field, Liliana Marie Prikler, 2022/01/03
- Re: On raw strings in <origin> commit field, zimoun, 2022/01/03
- Re: On raw strings in <origin> commit field, Liliana Marie Prikler, 2022/01/03
- Re: On raw strings in <origin> commit field, zimoun, 2022/01/03
- Re: On raw strings in <origin> commit field,
Liliana Marie Prikler <=
- Re: On raw strings in <origin> commit field, zimoun, 2022/01/04
- Re: On raw strings in <origin> commit field, zimoun, 2022/01/04
- Re: On raw strings in <origin> commit field, Liliana Marie Prikler, 2022/01/04
- Re: On raw strings in <origin> commit field, zimoun, 2022/01/04
Re: On raw strings in <origin> commit field, Liliana Marie Prikler, 2022/01/01
Re: On raw strings in <origin> commit field, Mark H Weaver, 2022/01/01