[Changing the subject to attract more attention]

Simon Josefsson wrote:
> 4) using abbreviated short identifiers makes it possible for someone
> to create a malicious git commit that matches the hash prefix, and
> then it would be unclear which commit the announcement really
> referred to. Not directly comparable, but illustrative on the
> problems with truncating hashes is the recent OpenWRT incident
> https://openwrt.org/advisory/2024-12-06 and there are now tools to
> generate arbitrary short git commit identifiers:
> https://github.com/not-an-aardvark/lucky-commit

Will the 'git' people deprecate the use of "git rev-parse --short=LENGTH"
with LENGTH < 10? According to [1], the minimum length is still 4.

Bruno

[1] https://git-scm.com/docs/git-rev-parse
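
Added example, not part of the original message and not git's own code: a check a release-verification script could run on an abbreviated commit identifier taken from an announcement, rejecting it when it is ambiguous or shorter than a local policy length. The function names, the 10-character policy threshold (borrowed from the question above) and the sample object IDs are assumptions made for illustration.

```python
import re

MIN_GIT_ABBREV = 4    # minimum length git accepts, per the rev-parse documentation cited above
POLICY_MIN_LEN = 10   # assumption: local policy threshold, taken from the question above

# Constructed sample object IDs (not from any real repository).
# The first two deliberately share the 7-character prefix "3f2a9c1".
SAMPLE_IDS = [
    "3f2a9c1d5e6b7a8c9d0e1f2a3b4c5d6e7f8091a2",
    "3f2a9c1e00112233445566778899aabbccddeeff",
    "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678",
]


class AbbrevError(ValueError):
    """Raised when an abbreviated ID must not be trusted as a commit reference."""


def resolve_abbrev(abbrev, object_ids, min_len=POLICY_MIN_LEN):
    """Return the single full object ID matching abbrev, or raise AbbrevError."""
    abbrev = abbrev.lower()
    # Accept SHA-1 (40 hex) and SHA-256 (64 hex) object ID prefixes only.
    if not re.fullmatch(r"[0-9a-f]{%d,64}" % MIN_GIT_ABBREV, abbrev):
        raise AbbrevError("not a hex object ID prefix: %r" % abbrev)
    matches = sorted(oid for oid in object_ids if oid.startswith(abbrev))
    if len(matches) > 1:
        raise AbbrevError("ambiguous: %d objects match %s" % (len(matches), abbrev))
    if not matches:
        raise AbbrevError("no object matches %s" % abbrev)
    if len(abbrev) < min_len:
        # Unique now, but a later object could share the prefix: demand the full ID.
        raise AbbrevError("unique today but shorter than %d characters; cite %s instead"
                          % (min_len, matches[0]))
    return matches[0]


def shortest_unique_len(oid, object_ids):
    """Prefix length needed for oid to be unambiguous among object_ids right now."""
    others = [o for o in object_ids if o != oid]
    for n in range(MIN_GIT_ABBREV, len(oid) + 1):
        if not any(o.startswith(oid[:n]) for o in others):
            return n
    return len(oid)
```

In a real repository the candidate list would come from git itself, for example the output of `git rev-parse --disambiguate=<prefix>`.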