From: Taylor Blau <me@ttaylorr.com>
To: Jeff King <peff@peff.net>
Cc: "brian m. carlson" <sandals@crustytoothpaste.net>,
git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH (v2.47 regression)] hash.h: set NEEDS_CLONE_HELPER_UNSAFE in fallback mode
Date: Wed, 2 Oct 2024 21:00:57 -0400 [thread overview]
Message-ID: <Zv3syfwZykRtJYQX@nand.local> (raw)
In-Reply-To: <20241003002140.GB3486271@coredump.intra.peff.net>
On Wed, Oct 02, 2024 at 08:21:40PM -0400, Jeff King wrote:
> On Thu, Oct 03, 2024 at 12:13:47AM +0000, brian m. carlson wrote:
>
> > On 2024-10-02 at 23:26:18, Jeff King wrote:
> > > This is a regression in v2.47.0-rc0. As mentioned above, I kind of doubt
> > > anybody will hit it in practice (I only did because I was trying to do
> > > some timing tests between the fast and dc variants). And it is almost
> > > tempting to leave it as a wake-up call for anybody who is still not
> > > using a collision-detecting sha1. ;)
> >
> > I think this is a fine fix for 2.47. I have a branch on my remote
> > (sha1-dc-only), which I'll send out after it passes CI (probably later
> > this week), that removes support for the everything but SHA-1-DC (except
> > for the unsafe code).
> >
> > I don't think there's a reasonable configuration where people can use
> > Git with other SHA-1 code except in extremely limited circumstances we
> > shouldn't have to maintain code for. The code is open source, so people
> > who really must have maximum performance with all of the vulnerabilities
> > can patch it back in themselves.
>
> Yeah, I feel the same way. I only happened to try this because it was
> the easiest way to speed-compare different implementations using
> "test-tool sha1". ;)
I imagine that you both mean that non-collision detecting variants are
unsuitable for the "safe" SHA-1 implementation, and that the "unsafe"
variant can still be driven with BLK_SHA1, OpenSSL, etc.
And reading the patch at the tip of brian's 'sha1-dc-only' branch, that
looks to be the case. So I'm in agreement with the both of you ;-).
> Possibly that helper could grow an option to use the unsafe variant,
> though even that is probably not a high priority.
Yeah, that would be nice. Though I agree it's not a huge priority.
Thanks,
Taylor
next prev parent reply other threads:[~2024-10-03 1:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-02 23:26 [PATCH (v2.47 regression)] hash.h: set NEEDS_CLONE_HELPER_UNSAFE in fallback mode Jeff King
2024-10-03 0:13 ` brian m. carlson
2024-10-03 0:21 ` Jeff King
2024-10-03 1:00 ` Taylor Blau [this message]
2024-10-03 0:57 ` Taylor Blau
2024-10-03 18:20 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zv3syfwZykRtJYQX@nand.local \
--to=me@ttaylorr.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).