Message ID | 20181028225023.26427-1-avarab@gmail.com (mailing list archive) |
---|---|
Headers | show |
Series | index-pack: optionally turn off SHA-1 collision checking | expand |
On Sun, Oct 28, 2018 at 10:50:19PM +0000, Ævar Arnfjörð Bjarmason wrote: > I left the door open for that in the new config option 4/4 implements, > but I suspect for Geert's purposes this is something he'd prefer to > turn off in git on clone entirely, i.e. because it may be running on > some random Amazon's customer's EFS instance, and they won't know > about this new core.checkCollisions option. > > But maybe I'm wrong about that and Geert is happy to just turn on > core.checkCollisions=false and use this series instead. I think that the best user experience would probably be if git were fast by default without having to give up on (future) security by removing the sha1 collision check. Maybe core.checkCollisons could default to "on" only when there's no loose objects in the repository? That would give a fast experience for many common cases (git clone, git init && git fetch) while still doing the collision check when relevant. My patch used the --cloning flag as an approximation of "no loose objects". Maybe a better option would be to check for the non-existence of the [00-ff] directories under .git/objects.
Geert Jansen <gerardu@amazon.com> writes: > Maybe a better option would be to check for the non-existence of the [00-ff] > directories under .git/objects. Please do not do this; I expect many people do this before they leave work, just like I do: $ git repack -a -d -f --window=$largs --depth=$small $ git prune which would typically leave only info/ and pack/ subdirectories under .git/objects/ directory.