On 25/03/29 09:58AM, Christian Couder wrote: > On Fri, Mar 28, 2025 at 6:05 PM Justin Tobler <jltobler@xxxxxxxxx> wrote: > > Regarding "unsafe-SHA-1", I wonder if we should use a different name in > > the printed build options that sounds a little less scary. I was > > thinking maybe "fast-SHA-1" and document its meaning appropriately. I'm > > interested to know if anyone has thoughts on this. > > Maybe we could use just "SHA-1" if a single algorithm is used for > everything, and both "SHA-1 for crypto" and "SHA-1 for non-crypto" > otherwise. Maybe we could leave "SHA-1:" alone and when unsafe is set use "non-crypto-SHA-1" instead of "unsafe-SHA-1"? It's a little wordy, but probably not too bad. > Related to this I wonder if we should warn in some ways if a non > collision detection algorithm is used for crypto. For example we could > print "SHA-1: OpenSSL (No collision detection!!!)" instead of just > "SHA-1: OpenSSL". And yeah that should be documented. Elsewhere in this thread it was suggested that we use the internal symbol names instead of coming up with new human readable names [1]. I'll append this warning to the appropriate options as well though and document it. Thanks, -Justin [1]: <xmqq8qoodq5u.fsf@gitster.g>
