Git is planning to switch to SHA-256 soon. This is all great news, but the best thing is the command to convert an existing repo to the new hash. It reads like a shitpost and gets better with each argument:

git convert-repo --to-hash=sha-256 --frobnicate-blobs --climb-subtrees --liability-waiver=none --use-shovels --carbon-offsets


@00dani I love how the article simply drops that like it is nothing and makes no effort at explaining it.

@brunoph @00dani No wonder non-tech people all think we're wizards or some shit :blobcatgoogly:

@luna @brunoph @00dani I don't know. The context of the article and the fact that the command isn't mentioned anywhere in their linked-to source material suggests to me that it's not a real command. I think they just threw together something that sort of sounds right to illustrate the idea.

@Terrana @luna @brunoph @00dani It's a joke. That command is not real and just there to make fun of the usually cryptic commands of Git. It's well placed sarcasm :)

@cinebox @Terrana @luna @brunoph @00dani --frobnicate-blobs threw me off. But --climb-subtree seemed legit :)

@brunoph i'm not sure there really is a risk from git using "vulnerable" sha-1 hashes tbh

i mean like. you could potentially forge a malicious commit with the same hash as a good commit, maybe, but how do you get anyone to accept it? if you try to push it upstream and the good commit's already there, they collide and git just keeps the good one it already has

you somehow have to replace the good commit with the bad one after it's been reviewed and accepted into upstream, at which point the good commit is already in the upstream repo and can't be overridden with a same-hashed commit

it doesn't seem like a possible attack vector even if you could produce good and evil commits with the same hash

being able to switch to stronger hashes is good for general peace of mind, i guess, but i'm not sure there's any plausible attacks being prevented that way

@brunoph @00dani If you read the next sentence, the humor is obvious.

@brunoph I still don't get why they are not switching to a multi-hash implementation.

@brunoph I'm pretty sure that was indeed shitposting by Corbet and not the actual command 😉

@michel_slm I don’t even know what to believe anymore. For all I know, I wanna frobnicate all my blobs now.

@brunoph I think I read it was basically a joke (with the fake git man pages as reference), not the *actual* command that remains to be chosen.

@brunoph okay what do *any* of these arguments mean

are you sure this isn't just a shitpost?

like okay, climb-subtrees sounds like a suitably CS-y thing. frobnicate-blobs sounds absolutely like something a bored programmer would name an argument that they don't have a name for. but use-shovels??? carbon-offsets??

@Felthry @brunoph >note that the specific command-line options may differ

it's a subtle joke, it seems


Hey @iconography , as per , § "How Git works, simplified", paragraph 3 (beginning "To understand why SHA‑1 matters..."), I see that you are known to the kernel / git dev team - known and feared

@brunoph the command's context in the article makes me think it truly is a shitpost

@ben @brunoph it does say quite clearly that once the hashing is abstracted out, moving to convert is "just a command" like so, not that this is the command. It's just showing you can foo the bar but with something more colourful.

No fun allowed.

Wait, I thought LWN was joking with that command...

@brunoph from now on, when I create some cli tool it'll have --use-shovels as an option

@brunoph I think it's something jokey.

It comes from an in-joke where git man pages and old forestry books look pretty indistinguishable.

@brunoph whoever invented ''frobnicate'' is a genius. I can predict git will be the next new category on youporn.
@brunoph I do believe that is a joke but I sure hope this is what the final command will be like. Frobnicate is such a excellent word and it should be used more
Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!