etc/reports/26-06.md
While my feeling for time is just noneexisting and it's hard for me to say what I ate for lunch yesterday (not kidding), at least I can say with great certainty that most of the month I didn't actually work. And while my GitHub activity is still suspiciously 'green', my inbox is proof of that with 'just' 15 PRs left to review. Trust me, I learned my lesson, I will never do an actual vacation again :P.
With that said, there is a bunch of progress this month.
Thanks to the tireless work of Adrian Ratiu it's now possible to clone from SHA-256 repositories, and from what I can tell it just works.
With that I'd have to research what else is missing, but if I am to be trusted that this big pieces are definitely done. Some polish here and there and one can probably call this task accomplished.
The Google-OSS fuzz kept coming up with the occsional hit, but it's more churn than anything. An actual bug was gix-packetline's inability to handle invalid input. But otherwise, it seems to be spending a lot of time attacking the Myers diff, while everyone should probably be using Histogram.
There were plenty of reference and refspec related fixes which aggregate into their own topic of "correctness", typically by avoiding to be stricter than Git 😅.
The highlight here, and by a margin, is to allow \0 as line terminator in loose references, just like Git.
Last but not least, refspecs are handled more correctly when matching and remote symbolic refs are now resolved against remote references, not local ones.
Did you know that I use helix to write and edit all of my commit messages, and sometimes for ad-hoc quick-edits?
As such, it was a particular pleasure to accidentally stumble on problems they have been having, an fix them with this months' release.
For one, it fixes a panic that happened when a repository was opened with the GIT_DIR environment variable set, and provides a way to discover repositories while specifying the desired trust level. This way, the application can decide what to trust, or make it configurable itself.
It's clear that the community is incredibly active these days, curtesy of the 15 PRs I have yet to review! But if I had to chose one…
packed-refs traversal without handbrakePreviously, the binary search through packed-refs would use the official parser to find the ending of a packed-refs line, which does… full validation. Now it just finds the bytes of interest itself, and validates only before the entry is returned, making packed-refs lookups something like 100x faster, which means many seconds saved for each operation in an AUR repository.
There is nothing new here, but let's keep the horizon active:
With GitButler slated to have its checkout driven by a tailor-made implementation of 'reset' in
gitoxide, this coincidentally is exactly what Cargo would need to also greatly speed up its checkouts and make them more compatible, too. We are talking proper Git filter support, and speedups in the realms of ~7x.
Cheers Sebastian
PS: The latest timesheets can be found here (2026).