On Tue, May 21, 2019 at 1:06 AM Paul Hammant <paul_at_hammant.org> wrote:
> The Git folks moved to a hardened SHA1 function as an interim measure
> on the way to SHA-256 -
>
> https://github.com/git/git/blob/master/Documentation/technical/hash-function-transition.txt
>
> I think you're generally right. While I might think that an auditor
> would simply be advised of the root hash for a Merkle tree that for a
> branch at a moment in time, or a tag, Subversion doesn't have a a
> Merkle tree under the hood. I coded something niche to retrofit
> Subversion with that, but it's not core and far from perfect as it
> relies on an LRU cache and keeps no history itself. Git's merkle tree
> would be perfect if it didn't blow up when repos get too big, and if
> allowed clone from nodes other than root (branches and tags are in
> respect of root of course). So, ignore me here
Why a merkle tree? One of Subversion's strengths is its linear revision
history. You could use blockchain and get financial strength audit ability.
Received on 2019-05-21 15:32:32 CEST