From 3de1d6589abbfe7faad2b0a7f32ae8c9f0518693 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 24 Jul 2013 13:10:28 -0400 Subject: [PATCH] TODO: More bits about commit objects --- TODO | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/TODO b/TODO index e06be2f4..c071313b 100644 --- a/TODO +++ b/TODO @@ -6,6 +6,10 @@ key-value store? - Optional non-object metadata; e.g., "detached" GPG signatures which are in the same file (to avoid double HTTP requests) + - Extended validation; SHA512+SHA256 checksum of all metadata along + with content object metadata (file size in particular) wouldn't take + too much extra time per commit, and would greatly strengthen resistance + to active hash collision attacks. * Hybrid SSL pull (fetch refs over SSL, content via plain HTTP) @@ -15,11 +19,6 @@ investigate something like http://www.sqlite.org/wal.html for having a shared file. -* GPG signatures on commits, and more generally, extensible metadata - associatible with commits. So for example, commit objects could - also contain secondary checksums of the *entire* content, which - would allow for stronger verification. - * Indexed metadata pack objects for bare repositories at least; no reason to inflict thousands of little metadata files on each client.
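Review bot: In the first hunk (TODO @@ -6,6 +6,10), the new "Extended validation" item leaves "SHA512+SHA256 checksum of all metadata along with content object metadata" underspecified. It does not say whether this means two separate digests over the same serialized input or one combined value, nor which metadata fields besides "file size in particular" are covered. It also does not say where the result is stored. Since the surrounding list already mentions "detached" GPG signatures, it is worth stating whether the extended checksum sits inside the signed data, because a secondary checksum that an active attacker can rewrite adds nothing. The claim that this "would greatly strengthen resistance to active hash collision attacks" would be easier to act on later if the item named the attacker it assumes.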
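Review bot: In the second hunk (TODO @@ -15,11 +19,6), the removal drops more than the first hunk adds back. The deleted bullet tracked "GPG signatures on commits" and "extensible metadata associatible with commits" as goals in their own right, and it proposed "secondary checksums of the *entire* content". The replacement item only covers a checksum of "all metadata along with content object metadata". If the narrowing from entire content to metadata is intentional, say so in the commit message. If not, keep a line for commit signatures and extensible commit metadata, or note that the existing "detached" GPG signatures item is meant to supersede it.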