From: Jeff King <peff@peff.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Git Mailing List" <git@vger.kernel.org>
Subject: Re: [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits
Date: Thu, 20 Oct 2011 00:34:48 -0400 [thread overview]
Message-ID: <20111020043448.GA7628@sigill.intra.peff.net> (raw)
In-Reply-To: <7vvcrk9td7.fsf@alter.siamese.dyndns.org>
On Wed, Oct 19, 2011 at 09:31:16PM -0700, Junio C Hamano wrote:
> Jeff King <peff@peff.net> writes:
>
> > And nothing shows up in the body, because git truncates at the NUL we
> > added:
> >
> > $ git show
> > commit 31337a1093af2d97eb2e6c08b261c2946395fdd3
> > Author: Jeff King <peff@peff.net>
> > Date: Wed Oct 19 15:34:00 2011 -0400
> >
> > 10
> >
> > diff --git a/file b/file
>
> But you cannot hide from "cat-file commit" ;-)
Yes. The implementation is a horrible hack, second only in grossness to
the original idea. :)
> With the recent push to more (perceived) security, it may probably make
> sense to teach "log" family commands to quote-show ^@ and what is behind
> in their output by default, perhaps with an option to turn it off.
Agreed. Having hidden cruft makes birthday collision attacks easier (or
it will, if sha1 ever gets broken to that point). Unfortunately, there
is a _ton_ of code which assumes that commit messages are
NUL-terminated, as they always have been since e871b64 (2005-05-25).
-Peff
next prev parent reply other threads:[~2011-10-20 4:34 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-19 18:03 [IGNORETHIS/PATCH] Choosing the sha1 prefix of your commits Ævar Arnfjörð Bjarmason
2011-10-19 19:01 ` Jeff King
2011-10-19 19:38 ` Jeff King
2011-10-20 2:51 ` Jeff King
2011-10-20 4:15 ` Kyle Moffett
2011-10-20 4:25 ` Jeff King
2011-10-20 4:27 ` Junio C Hamano
2011-10-20 4:32 ` Kyle Moffett
2011-10-24 20:47 ` Jeff King
2011-10-20 4:31 ` Junio C Hamano
2011-10-20 4:34 ` Jeff King [this message]
2011-10-20 6:57 ` Junio C Hamano
2011-10-20 7:13 ` Jeff King
2011-10-20 13:14 ` Ted Ts'o
2011-10-20 15:56 ` Jeff King
2011-10-25 22:35 ` Drew Northup
2011-10-20 18:36 ` Re* " Junio C Hamano
2011-10-20 19:00 ` Jeff King
2011-10-20 7:27 ` Nguyen Thai Ngoc Duy
2011-10-20 9:14 ` Nguyen Thai Ngoc Duy
2011-10-20 15:44 ` Jeff King
2011-10-20 9:38 ` Mikael Magnusson
2011-10-20 13:44 ` Elijah Newren
2011-10-19 22:09 ` Jonathan Nieder
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111020043448.GA7628@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).