SHA-1 is clearly on its way out.  I know that there has been discussion
in the past about moving to different algorithms.  I'm not interested in
having that discussion now.

I'd like to introduce a set of preprocessor constants that we'd use
instead of hard-coded 20s and 40s everywhere.  That way, if we decide to
support a different algorithm, doing so becomes significantly easier.
These would be used in new code.

After that, I'd like to slowly start moving existing code to use these

I would also like to consider, as a third step, turning all of the
unsigned char[20] uses into a struct containing unsigned char[20] as its
only member, like libgit2 does.  This disambiguates arbitrary byte data
from byte sequences being used to represent an SHA-1 ID.

I'm hoping the first suggestion will be mostly unobjectionable, as
having hard-coded constants is widely considered bad programming
practice.  I suspect the latter two will be more controversial.  These
changes, if implemented, would be done by hand, not by machine, and they
would be bisectable.


brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply via email to