Re: bye-bye abbreviated commit IDs

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bye-bye abbreviated commit IDs

From:	Bruno Haible
Subject:	Re: bye-bye abbreviated commit IDs
Date:	Sun, 29 Dec 2024 00:38:29 +0100

[Changing the subject to attract more attention]

Simon Josefsson wrote:
>   4) using abbreviated short identifiers makes it possible for someone
>      to create a malicious git commit that matches the hash prefix, and
>      then it would be unclear which commit the announcement really
>      referred to.  Not directly comparable, but illustrative on the
>      problems with truncating hashes is the recent OpenWRT incident
>      https://openwrt.org/advisory/2024-12-06 and there are now tools to
>      generate arbitrary short git commit identifers:
>      https://github.com/not-an-aardvark/lucky-commit

Will the 'git' people deprecate the use of "git rev-parse --short=LENGTH"
with LENGTH < 10 ?

According to [1], the minimum length is still 4.

Bruno

[1] https://git-scm.com/docs/git-rev-parse

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] maintainer-makefile: Improve gnulib-version derivation., Simon Josefsson, 2024/12/28
- Re: bye-bye abbreviated commit IDs, Bruno Haible <=
  - Re: bye-bye abbreviated commit IDs, Simon Josefsson, 2024/12/28
- Re: [PATCH] maintainer-makefile: Improve gnulib-version derivation., Bruno Haible, 2024/12/28
  - Re: [PATCH] maintainer-makefile: Improve gnulib-version derivation., Paul Eggert, 2024/12/28
  - Re: [PATCH] maintainer-makefile: Improve gnulib-version derivation., Simon Josefsson, 2024/12/28
    - Re: [PATCH] maintainer-makefile: Improve gnulib-version derivation., Bruno Haible, 2024/12/28

Prev by Date: Re: iconv_open: doesn't handle NetBSD bmake
Next by Date: Re: [PATCH] maintainer-makefile: Improve gnulib-version derivation.
Previous by thread: [PATCH] maintainer-makefile: Improve gnulib-version derivation.
Next by thread: Re: bye-bye abbreviated commit IDs
Index(es):
- Date
- Thread