On 24 February 2017 at 20:20, Junio C Hamano <gits...@pobox.com> wrote:
> Stefan Beller <sbel...@google.com> writes:
>
>> On Fri, Feb 24, 2017 at 10:14 AM, Junio C Hamano <gits...@pobox.com> wrote:
>>
>>> you are inviting people to start using
>>>
>>>     md5,54ddf8d47340e048166c45f439ce65fd
>>>
>>> as object names.
>>
>> which might even be okay for specific subsets of operations.
>> (e.g. all local work including staging things, making local "fixup" commits)
>>
>> The addressing scheme should not be too hardcoded, we should rather
>> treat it similar to the cipher schemes in pgp. The additional complexity that
>> we have is the longevity of existence of things, though.
>
> The not-so-well-hidden agenda was exactly that we _SHOULD_ not
> mimic PGP.  They do not have a requirement to encourage everybody
> to use the same thing because each message is encrypted/signed
> independently, i.e. they do not have to chain things like we do.

But there is a scenario where supporting more hashes, in parallel, is
beneficial:

Let's assume that git is retrofitted to always support the "default"
SHA-3, but support additionally more hash-funcs.
If in the future SHA-3 also gets defeated, it would be highly unlikely
that the same math would also break e.g. Blake.
So certain high-profile repos might choose for extra security 2 or more hashes.

Apologies if I'm misusing the list,
  Kostis
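
A sketch of the parallel-hash idea discussed in this thread, added here as an example; it is not code from git or from any poster. It names an object under several hash functions using the `algo,hex` form quoted above. Assumptions: the helper names (`object_name`, `multi_name`, `verify`), the `ALGOS` table and the choice of `sha3-256` and `blake2b` are hypothetical; only the `<type> <size>NUL<payload>` framing is git's own.

```python
import hashlib

# Assumed algorithm set for this sketch. MD5 is deliberately absent, so a
# name such as "md5,..." is rejected rather than trusted.
ALGOS = {
    "sha1": hashlib.sha1,
    "sha3-256": hashlib.sha3_256,
    "blake2b": hashlib.blake2b,
}

def object_name(algo, obj_type, payload):
    """Return '<algo>,<hex>' over git's object framing '<type> <size>NUL<payload>'."""
    framed = f"{obj_type} {len(payload)}".encode() + b"\0" + payload
    return f"{algo},{ALGOS[algo](framed).hexdigest()}"

def multi_name(obj_type, payload, algos):
    """Name one object under several hash functions in parallel."""
    return [object_name(a, obj_type, payload) for a in algos]

def verify(obj_type, payload, names, required):
    """Accept only if every algorithm in `required` is present and all names match."""
    claimed = {}
    for name in names:
        algo, sep, digest = name.partition(",")
        if not sep or algo not in ALGOS or algo in claimed:
            return False  # malformed, unsupported or duplicated: fail closed
        claimed[algo] = digest.lower()
    if not required or not set(required) <= set(claimed):
        return False  # a required hash was stripped (downgrade)
    return all(object_name(a, obj_type, payload) == f"{a},{d}"
               for a, d in claimed.items())

if __name__ == "__main__":
    data = b"hello\n"  # constructed sample blob
    names = multi_name("blob", data, ["sha3-256", "blake2b"])
    print("\n".join(names))
    print(verify("blob", data, names, ["sha3-256", "blake2b"]))      # all match
    print(verify("blob", data, names[:1], ["sha3-256", "blake2b"]))  # one stripped
```

The extra hash only adds security when the verifier insists on every required name matching; a verifier that accepts any single match is only as strong as the weakest function in the set.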
