Is your feature request related to a problem? Please describe.
I recently tried creating fetching a repo with sha256 commits (created in forgejo) and was surprised to see it didn't work:
According to libgit2 it is an experimental feature since v1.6.0 and was supossedly finished in v1.7.0
Describe the solution you'd like
I would like support for sha256 objects to be added/enabled in jj
Describe alternatives you've considered
Do nothing, I was trying it out to see if there were any problems I could report. It is not necessary for my workflow c:
Additional context
The git documentation talks about why and how sha256 support is being introduced. The main reason is that sha1 was "broken" and you can thus serve a bad commit whose sha1 checksum matches the real commit's hash. This was mitigated by using a hardened version of sha1, but it was decided to also prepare to transition to sha256 which should be more resistant to such attacks.
Is your feature request related to a problem? Please describe. I recently tried creating fetching a repo with
sha256
commits (created in forgejo) and was surprised to see it didn't work:According to
libgit2
it is an experimental feature sincev1.6.0
and was supossedly finished inv1.7.0
Describe the solution you'd like I would like support for
sha256
objects to be added/enabled injj
Describe alternatives you've considered Do nothing, I was trying it out to see if there were any problems I could report. It is not necessary for my workflow c:
Additional context The git documentation talks about why and how
sha256
support is being introduced. The main reason is thatsha1
was "broken" and you can thus serve a bad commit whosesha1
checksum matches the real commit's hash. This was mitigated by using a hardened version ofsha1
, but it was decided to also prepare to transition tosha256
which should be more resistant to such attacks.