Page MenuHomeSoftware Heritage

SWHID v2
Open, LowPublic

Description

This is a meta-task to track activities related to rolling out the next version of SWHID (aka v2).
This includes the following:

  • complete on paper spec
  • aligned with work done on new git hashes
  • including migration plan from/cohabitation with v1 (N.B.: we need to maintain SWHID v1 support forever anyway)
  • understand impact on internal microservice architecture (related to T1805, in particular use SWHIDs everywhere (core SWHIDs, without qualifiers))
  • keep correspondence with v1 (there may be multiple v2 for one v1!)
  • reviewed by crypto experts

Event Timeline

SWHID v2 should also prevent the hash collision issues we are currently facing (some related to the SHAttered attack on SHA1), see T3775 and SWH-LOADER-GIT-JT.

SWHID v2 should also prevent the hash collision issues we are currently facing (some related to the SHAttered attack on SHA1), see T3775 and SWH-LOADER-GIT-JT.

After a closer look, it appears that this issue is not specific to SWHv1, or the future SWHv2, but to our data model and ingestion pipeline.
T3775 has been updated accordingly.

wishlist: it would be nice ot be able to check the whole hash of a revision/release even when the author name/email are replaced by a hash. (eg. by making SWHIDv2 a tree hash)

wishlist: it would be nice ot be able to check the whole hash of a revision/release even when the author name/email are replaced by a hash. (eg. by making SWHIDv2 a tree hash)

I agree, would make anonymous exports much more usable for example.

bchauvet lowered the priority of this task from Normal to Low.Mar 25 2022, 5:26 PM