If I create a sha256 repository using git init --object-format=sha256
, I get the error fatal: protocol error: unexpected capabilities^{}
when trying to push.
Rationale: the use case requires the repo to be tamper-proof. Using sha256 is easier than explaining the difference between a collision and a pre-image attack.
Is there some hope for this ticket? We are now switching with openSUSE to git-based management of packages and given the long-term nature of distro packaging we will be keeping everything in sha256 repos (and
gitea
). It would be lovely if I could use Sourcehut for the collaboration on some of these repos.
We're mostly blocked on support from go-git for this:
We're mostly blocked on support from go-git for this:
Sad, I have discussed this with our people and apparently we are able to have working Gitea only with running git subprocesses, which may be not possible for Sourcehut.