Gemini: document SHA-1 usage as non-security stable digest #100

New issue

Open

opened 2026-05-28 01:17:57 +02:00 by codex · 0 comments

codex commented 2026-05-28 01:17:57 +02:00

Collaborator

Copy link

Context

hashlib.sha1 is used for stable fingerprints/digests, not cryptographic security. This can confuse audits and security scanners.

Task

Add concise comments near SHA-1 usage explaining the non-security purpose.

Acceptance criteria

• Comments exist for duplicate-code digest, issue fingerprint, and SARIF stable IDs if applicable.
• Wording does not imply cryptographic safety.
• No behavior change.

Verification

• rg "sha1|non-security|stable digest" src tests

## Context `hashlib.sha1` is used for stable fingerprints/digests, not cryptographic security. This can confuse audits and security scanners. ## Task Add concise comments near SHA-1 usage explaining the non-security purpose. ## Acceptance criteria - Comments exist for duplicate-code digest, issue fingerprint, and SARIF stable IDs if applicable. - Wording does not imply cryptographic safety. - No behavior change. ## Verification - `rg "sha1|non-security|stable digest" src tests`

codex added this to the Gemini 3.5 Flash backlog milestone 2026-05-28 01:17:57 +02:00

codex added the

area:engineering

severity:low

source:deepseek-v4-pro

labels 2026-05-28 01:17:57 +02:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

codex/phase-b-fp-reductions

codex/self-dogfood-shim-suppression

issue-96-diff-scope-filtering-tests

issue-102-report-invariants-tests

issue-97-parse-error-generation

issue-98-deterministic-cycles-tests

issue-99-stable-data-tests

claude/adr-0013-blocking-precision

claude/dogfood-real-world-precision-2026-06-15

issue-83-84-doctor-markdown

claude/docs/cousin-onboarding-pointer

codex/dogfood-evidence-cockpit

codex/first-run-doctor

codex/model-loop-benchmark-harness

codex/rule-explainability

codex/deletion-fingerprint-safety

codex/decision-contract-27

codex/dogfood-evidence-hygiene

codex/root-sandbox-safety-6-7

codex/dogfood-evidence-aggregator-29

codex/public-readiness-post-rename

rename/repo-url-cleanup

rename/cli-config-docs

rename/package-fallow-py

rename/adr-umbrella-branding

codex/perf-profile-benchmark-41

codex/mcp-cache-signature-40

codex/deepseek-triage-backlog-35

v0.3.0a3

Labels

Clear labels   

area:ci

CI workflows, packaging, release

  

area:docs

README, philosophy, dogfood, rules ref

  

area:engineering

Code, AST, graph, MCP runtime

  

area:framework-fp

False-positive heuristics for frameworks

  

area:test-coverage

Dedicated tests for critical modules

  

dogfood:fn

Dogfood evidence: false negative (missed)

  

dogfood:fp

Dogfood evidence: false positive

  

dogfood:friction

Dogfood: UX friction

  

dogfood:tp

Dogfood evidence: true positive (real catch)

  

phase:b

Phase B - engineering hardening

  

phase:c

Phase C - Show HN polish

  

severity:critical

Silent bugs, data loss, security

  

severity:high

Real defects, FP confirmed, crashes

  

severity:low

Hygiene, perf micro-opts

  

severity:medium

Hardening, drift detection, edge cases

  

source:deepseek-v4-pro

Items triaged from the DeepSeek v4 Pro repository audit

No labels

area:ci

area:docs

area:engineering

area:framework-fp

area:test-coverage

dogfood:fn

dogfood:fp

dogfood:friction

dogfood:tp

phase:b

phase:c

severity:critical

severity:high

severity:low

severity:medium

source:deepseek-v4-pro

Milestone

Clear milestone

No items

No milestone

Gemini 3.5 Flash backlog

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

pdurlej/fallow-py#100

No description provided.