Stefan Sperling wrote on Tue, Apr 04, 2017 at 11:33:18 +0200:
> On Mon, Feb 20, 2017 at 09:05:25AM +0100, Bert Huijben wrote:
> > This code is still in trunk without any of the discussed improvements, so
> > this change is currently part of 1.10.0-alpha1.
> >
> > If we don't implement the improvements I think we should check if we want
> > to revert to the 1.0-1.9 behavior before we really look at releasing 1.10.
> >
> > See discussion below
> >
> > Bert
>
> I think the proposed approach as implemented on trunk can no longer be
> considered viable, unfortunately, because of this step:
>
> > > >>> 4. Calculate SHA-1 checksum of detranslated contents of working file
> > > >>> and compare it with pristine's checksum stored in wc.db.
>
> Given that the SHA1 collision problem is real, we are now trying to stop
> relying on hashes to compare content. So it does not make sense to add
> new code which relies on hashes in this way, in my opinion.
Note that we can still do what rep-cache now does: treat equality of
checksums as a sensitive but not specific test for bit-for-bit equality;
that is: checksum the file, and if the resulting value is equal to the
stored value, do a full-text comparison too.
I'm not saying that this is what libsvn_wc should do; I'm just pointing
out that it is still possible to use sha1 safely.
Cheers,
Daniel
> It seems that using SHA1 to compare content is key to the proposed approach.
> If that is correct, then I don't agree with releasing 1.10 with this feature
> and I would be in favour of reverting this change.
Received on 2017-04-04 12:06:04 CEST