The open source Git project just released Git 2.29 with features and bug fixes from over 89 contributors, 24 of them new. Last time we caught up with you, Git 2.28 had just been released. One version later, let’s take a look at the most interesting features and changes that have happened since then.

Experimental SHA-256 support

Git 2.29 includes experimental support for writing your repository’s objects using a SHA-256 hash of their contents, instead of using SHA-1.

What does all of that mean? To explain, let’s start from the beginning.

When you add files to a repository, Git copies their contents into blob objects in its local database, and creates tree objects that refer to the blobs. Likewise, when you run git commit, this creates a commit object that refers to the tree representing the committed state. How do these objects “refer” to each other, and how can you identify them when interacting with Git? The answer is that each object is given a unique name, called its object id, based on a hash of its contents. Git uses SHA-1 as its hash algorithm of choice, and depends on the object ids of different objects to be unique.

Back in this blog post, we estimated that even if you had five million programmers writing one commit every second, you would only have a 50% chance of accidentally generating a collision before the Sun engulfs the Earth. Some published attacks exist which use tricks that exploit weaknesses in SHA-1 that can reduce the effort required to generate a collision, but these attacks still cost tens of thousands of dollars to execute, and no known examples have been published which target Git.

#community #open source #git