Home Explore Blog CI



git
2nd chunk of `Documentation/BreakingChanges.adoc`
2897afcd8c43332ae5fb89819883ef53dd74f5d343775e6c0000000100000d89
 not waste our time bringing it up again".

== Procedure

Discussing the desire to make breaking changes, declaring that breaking
changes are made at a certain version boundary, and recording these
decisions in this document, are necessary but not sufficient.
Because such changes are expected to be numerous, and the design and
implementation of them are expected to span over time, they have to
be deployable trivially at such a version boundary, prepared over long
time.

The breaking changes MUST be guarded with the a compile-time switch,
WITH_BREAKING_CHANGES, to help this process.  When built with it,
the resulting Git binary together with its documentation would
behave as if these breaking changes slated for the next big version
boundary are already in effect.  We also have a CI job to exercise
the work-in-progress version of Git with these breaking changes.


== Git 3.0

The following subsections document upcoming breaking changes for Git 3.0. There
is no planned release date for this breaking version yet.

Proposed changes and removals only include items which are "ready" to be done.
In other words, this is not supposed to be a wishlist of features that should
be changed to or replaced in case the alternative was implemented already.

=== Changes

* The default hash function for new repositories will be changed from "sha1"
  to "sha256". SHA-1 has been deprecated by NIST in 2011 and is nowadays
  recommended against in FIPS 140-2 and similar certifications. Furthermore,
  there are practical attacks on SHA-1 that weaken its cryptographic properties:
+
  ** The SHAppening (2015). The first demonstration of a practical attack
     against SHA-1 with 2^57 operations.
  ** SHAttered (2017). Generation of two valid PDF files with 2^63 operations.
  ** Birthday-Near-Collision (2019). This attack allows for chosen prefix
     attacks with 2^68 operations.
  ** Shambles (2020). This attack allows for chosen prefix attacks with 2^63
     operations.
+
While we have protections in place against known attacks, it is expected
that more attacks against SHA-1 will be found by future research. Paired
with the ever-growing capability of hardware, it is only a matter of time
before SHA-1 will be considered broken completely. We want to be prepared
and will thus change the default hash algorithm to "sha256" for newly
initialized repositories.
+
An important requirement for this change is that the ecosystem is ready to
support the "sha256" object format. This includes popular Git libraries,
applications and forges.
+
There is no plan to deprecate the "sha1" object format at this point in time.
+
Cf. <2f5de416-04ba-c23d-1e0b-83bb655829a7@zombino.com>,
<20170223155046.e7nxivfwqqoprsqj@LykOS.localdomain>,
<CA+EOSBncr=4a4d8n9xS4FNehyebpmX8JiUwCsXD47EQDE+DiUQ@mail.gmail.com>.

=== Removals

* Support for grafting commits has long been superseded by git-replace(1).
  Grafts are inferior to replacement refs:
+
  ** Grafts are a local-only mechanism and cannot be shared across
     repositories.
  ** Grafts can lead to hard-to-diagnose problems when transferring objects
     between repositories.
+
The grafting mechanism has been marked as outdated since e650d0643b (docs: mark
info/grafts as outdated, 2014-03-05) and will be removed.
+
Cf. <20140304174806.GA11561@sigill.intra.peff.net>.

* The git-pack-redundant(1) command can be used to remove redundant pack files.
  The subcommand is unusably slow and the reason why nobody
Title: Git 3.0 Breaking Changes
Summary
The Git project is planning to make breaking changes in Git 3.0, including changing the default hash function from SHA-1 to SHA-256 due to security concerns, and removing support for grafting commits in favor of replacement refs, as well as other changes and removals to improve the project's maintainability and security.