
27 Feb 2025, 12:26
On 2/27/25 13:17, Neal Gompa wrote:
> It was a mistake to use SHA256 right now, because nobody is ready to use it yet.
It's one of the critical pieces actually. SHA1 is deprecated already,
https://csrc.nist.gov/news/2022/nist-transitioning-away-from-sha-1-for-all-a...
and since we would like to rely on integrity of the source repositories via signatures (in the near future), we had no real choice but to use SHA256 here.

SHA256 will be default for Git 3.0 (whenever that comes)
https://www.phoronix.com/news/Git-2.46-rc0-Released

The interop with SHA1 repos is not really there yet, but this will improve. Considering we have no interop with anything currently on the VCS level, this shouldn't be much of a problem.

- Adam