On Tue, Jun 6, 2017 at 6:45 PM, Stefan Beller <sbel...@google.com> wrote: > On Tue, Jun 6, 2017 at 3:22 PM, Johannes Schindelin > <johannes.schinde...@gmx.de> wrote: >> >> 4) we still have the problem that there is no cryptography expert among >> those who in the Git project are listened to > > I can assure you that Jonathan listened to crypto experts. It just did not > happen on the mailing list, which is sad regarding openness and transparency.
In the interest of openness and transparency, perhaps a blue doc should be put together to outline and document the hash function that succeeds SHA1, and the rationales for doing so? It would, ideally, cite (preferably by including, and not just linking to) any discussions with crypto experts that have chimed in off-list (given said experts' consent for any such communication to be publicized, naturally). If I'm not mistaken, the only such doc behind the transition right now is the Git hash function transition document, which covers the technical barriers to replacing SHA1, but not why we might choose X to replace SHA1.
