lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAMuHMdXxqRRePJ_HHo---6ayjRnQcDRE--mx0kUDg0ceDELG9g@mail.gmail.com>
Date: Fri, 13 Dec 2024 20:41:17 +0100
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Dwaipayan Ray <dwaipayanray1@...il.com>, Lukas Bulwahn <lukas.bulwahn@...il.com>, 
	Joe Perches <joe@...ches.com>, Jonathan Corbet <corbet@....net>, 
	Thorsten Leemhuis <linux@...mhuis.info>, Andy Whitcroft <apw@...onical.com>, 
	Niklas Söderlund <niklas.soderlund@...igine.com>, 
	Simon Horman <horms@...nel.org>, Conor Dooley <conor@...nel.org>, 
	Miguel Ojeda <miguel.ojeda.sandonis@...il.com>, Junio C Hamano <gitster@...ox.com>, 
	workflows@...r.kernel.org, linux-doc@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/2] Increase minimum git commit ID abbreviation to 16 characters

Hi Linus,

On Thu, Dec 5, 2024 at 8:19 PM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Thu, 5 Dec 2024 at 10:16, Geert Uytterhoeven <geert+renesas@...der.be> wrote:
> > Hence according to the Birthday Paradox, collisions of 12-chararacter
> > git commit IDs are imminent, or already happening.
>
> Note that ambiguous commit IDs are not even remotely as scary as this implies.
>
> Yes, the current kernel tree has over ten million objects, and when
> you look at stable trees etc, you can easily see more.
>
> But commits are only a fraction (about 1/8th) of the total objects. My
> tree is at about 1.3M commits, so we're basically an order of
> magnitude off the point where collisions start being an issue wrt
> commit IDs.
>
> Can you find collisions by looking at all objects? Yes. Git will do
> that for you, and tell you their types. But to take one recent
> example, let's do the 6.12 commit:
> adc218676eef25575469234709c2d87185ca223a. To get an ambiguous ID, you
> have to go down to 6 characters, and even then git will tell you
> there's only one object that is a commit, ie
>
>    $ git show adc218
>
> results in
>
>   error: short object ID adc218 is ambiguous
>   hint: The candidates are:
>   hint:   adc218676eef commit 2024-11-17 - Linux 6.12
>   hint:   adc2184009c5 blob
>
> so right now you have a collision in six digits for that commit, but
> even then it's actually still entirely unambiguous once you know
> you're talking about a commit.

That's true for the basic command line tools...

> Make the tools deal with the cases we already have, and you'll find
> that the shortening is a complete non-issue.

FTR, cgit can use some improvements, as
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=adc218
just tells you "Bad object id: adc218".

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ