>>>>> On Sat, 20 Sep 2014, hasufell wrote: >> Have these plans been abandoned, and are we now planning to >> distribute the tree to users via Git, where everything goes through >> the bottleneck of a SHA-1 sum, which was never intended as a >> security feature?
> This is a bug in git. Do you want us to wait until it is resolved? Not a bug. There are VCSs (like Subversion or Bazaar) that use simple revision numbers to identify their commits. Git happens to use a hash, which is perfectly fine as long as accidental collisions are unlikely. Neither has to do anything with security, though. Ulrich
pgpOPu8MB0aU3.pgp
Description: PGP signature
