unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: Liliana Marie Prikler <liliana.prikler@gmail.com>
To: zimoun <zimon.toutoune@gmail.com>, Mark H Weaver <mhw@netris.org>,
	 guix-devel@gnu.org
Subject: Re: On raw strings in <origin> commit field
Date: Tue, 04 Jan 2022 06:23:23 +0100	[thread overview]
Message-ID: <03096402e357e9b82084cda5f2822e1e8bf3d051.camel@gmail.com> (raw)
In-Reply-To: <864k6ke87e.fsf@gmail.com>

Hi simon,

Am Dienstag, dem 04.01.2022 um 00:00 +0100 schrieb zimoun:
> [...]
> 
> You are saying what I predicted you will say :-) ; here I quote
> myself:
> 
>         The statement «Git commit hashes do not just depend on the
>         content» is wrong.  [...]
> 
> Sorry, I used meta-content instead of “content content”. :-) In all
> cases, that is part of the content that is hashed.  Well, maybe I
> appears picky but I feel there is a fundamental misunderstanding
> somewhere. :-)
> 
> [...]
>         $ echo hello > hello.txt
> 
>         $ cat hello.txt | git hash-object --stdin
>         ce013625030ba8dba906f756967f9e9ca394464a
> 
>         $ guix hash -S git -H sha1 -f hex hello.txt
>         ce013625030ba8dba906f756967f9e9ca394464a
> 
> Or using the default format and hash function, comparing Git and Nar
> serializers:
> 
>         $ guix hash -S nar hello.txt
>         04zwf782yjwnh3q6hz5izfd6jyip8kgw6g6yj43fiqhbyhdd0dqw
> 
>         $ guix hash -S git hello.txt
>         1d7bp5nmgpi5j1ikglw3l7ry7dzczlhp8wl79arl75g2kqyxiy1c
> 
> The content can be one file, some files, folders, etc.  or Git
> objects as Git commit object or Git tree object or whatever. 
> Therefore, Git commit hash only depends on the content itself, i.e.,
> Git commit object; as explained by the pointer provided earlier in
> the thread,
> 
>     <https://git-scm.com/book/en/v2/Git-Internals-Git-Objects>
At some point in there (you can figure out yourself where), you are
mistakenly equating file hashes and commit hashes, which you make
comparison to other tools which only regard the files as content.  One
of them is immutable for all I know, the other is subject to very
observable changes.

> Last, identifier is different from integrity checksum.  Especially,
> if a collision is possible, then it invalidates the integrity
> checksum.  A collision for an identifier does not matter so much
> security-wise, because it just implies that the lookup is not unique
> or that one content is unreachable.  Well, collision is for sure an
> issue and can break the content-address system, even can lead to
> security troubles for extreme cases, but also for sure, it does not
> change the relation between Git commit hash and content.
"Lookup is not unique" is exactly the problem we have for robustness
with tags, however.

> Therefore, from my side, I consider it as a final word.
Fair enough, we can agree on the conclusion even if reached by
different methods.

Cheers


  reply	other threads:[~2022-01-04  5:24 UTC|newest]

Thread overview: 63+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-28 20:55 On raw strings in <origin> commit field Liliana Marie Prikler
2021-12-29  8:39 ` zimoun
2021-12-29 20:25   ` Liliana Marie Prikler
2021-12-30 12:43     ` zimoun
2021-12-31  0:02       ` Liliana Marie Prikler
2021-12-31  1:23         ` zimoun
2021-12-31  3:27           ` Liliana Marie Prikler
2021-12-31  9:31             ` Ricardo Wurmus
2021-12-31 11:07               ` Liliana Marie Prikler
2021-12-31 12:31                 ` Ricardo Wurmus
2021-12-31 13:18                   ` Liliana Marie Prikler
2021-12-31 13:15               ` zimoun
2021-12-31 15:19                 ` Liliana Marie Prikler
2021-12-31 17:21                   ` zimoun
2021-12-31 20:52                     ` Liliana Marie Prikler
2021-12-31 23:36         ` Mark H Weaver
2022-01-01  1:33           ` Liliana Marie Prikler
2022-01-01  5:00             ` Mark H Weaver
2022-01-01 10:33               ` Liliana Marie Prikler
2022-01-01 20:37                 ` Mark H Weaver
2022-01-01 22:55                   ` Liliana Marie Prikler
2022-01-02 22:57                     ` Mark H Weaver
2022-01-03 21:25                       ` Liliana Marie Prikler
2022-01-03 23:14                         ` Mark H Weaver
2022-01-04 19:55                           ` Liliana Marie Prikler
2022-01-04 23:42                             ` Mark H Weaver
2022-01-05  9:28                               ` Mark H Weaver
2022-01-05 20:43                                 ` Liliana Marie Prikler
2022-01-06 10:38                                   ` Mark H Weaver
2022-01-06 11:25                                     ` Liliana Marie Prikler
2022-01-02 19:30                   ` zimoun
2022-01-02 21:35                     ` Liliana Marie Prikler
2022-01-03  9:22                       ` zimoun
2022-01-03 18:13                         ` Liliana Marie Prikler
2022-01-03 19:07                           ` zimoun
2022-01-03 20:19                             ` Liliana Marie Prikler
2022-01-03 23:00                               ` zimoun
2022-01-04  5:23                                 ` Liliana Marie Prikler [this message]
2022-01-04  8:51                                   ` zimoun
2022-01-04 13:15                                     ` zimoun
2022-01-04 19:45                                       ` Liliana Marie Prikler
2022-01-04 19:53                                         ` zimoun
2021-12-31 23:56         ` Mark H Weaver
2022-01-01  0:15           ` Liliana Marie Prikler
2021-12-30  1:13 ` Mark H Weaver
2021-12-30 12:56   ` zimoun
2021-12-31  3:15   ` Liliana Marie Prikler
2021-12-31  7:57     ` Taylan Kammer
2021-12-31 10:55       ` Liliana Marie Prikler
2022-01-01  1:41     ` Mark H Weaver
2022-01-01 11:12       ` Liliana Marie Prikler
2022-01-01 17:45         ` Timothy Sample
2022-01-01 19:52           ` Liliana Marie Prikler
2022-01-02 23:00             ` Timothy Sample
2022-01-03 15:46           ` Ludovic Courtès
2022-01-01 20:19         ` Mark H Weaver
2022-01-01 23:20           ` Liliana Marie Prikler
2022-01-02 12:25             ` Mark H Weaver
2022-01-02 14:09               ` Liliana Marie Prikler
2022-01-02  2:07         ` Bengt Richter
2021-12-31 17:56 ` Vagrant Cascadian
2022-01-03 15:51   ` Ludovic Courtès
2022-01-03 16:29     ` Vagrant Cascadian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=03096402e357e9b82084cda5f2822e1e8bf3d051.camel@gmail.com \
    --to=liliana.prikler@gmail.com \
    --cc=guix-devel@gnu.org \
    --cc=mhw@netris.org \
    --cc=zimon.toutoune@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).