Great to hear on 1.10 move along.
On SHA1 I can help if you feel it may move things along in *parallel* - we
ended up having to use the pre-commit hook for our customer base as per
On Tue, May 2, 2017 at 3:32 AM, Stefan Sperling <stsp_at_elego.de> wrote:
> On Mon, May 01, 2017 at 11:57:54PM +0200, Johan Corveleyn wrote:
> > On Mon, May 1, 2017 at 10:54 PM, Julian Foad <julianfoad_at_apache.org>
> > > Just asking...
> > >
> > > As I understand it, we paused the issuing of 1.10 alpha releases
> because we
> > > considered that the final 1.10 release will need to address the SHA1
> > > collision issue otherwise it won't be considered a viable release.
> > >
> > > It seemed reasonable to pause for a bit while the SHA1 issue was
> worked on,
> > > and Stefan2 has done some work on that. But currently it seems that
> there is
> > > nobody doing any further work on it.
> > >
> > > We could continue waiting, or maybe now we should resume the alpha
> > > of the new features (conflict resolution), and let the SHA1 work be
> fixed as
> > > and when someone is motivated to do so (before or after 1.10). It
> seems to
> > > me that sometimes in open source we need to get on with doing what we
> > > do, and just trust that someone else will do the rest.
> > >
> > > Thoughts?
> > +1.
> > I think this "pause-for-sha1-fixes" has now taken more than long
> > enough. We should try gathering our focus again on releasing 1.10, and
> > get the improvements it brings in the hands of users.
> I agree!
> I was one of the people pushing for more SHA1 fixes but I did not find
> time to do any of that work myself. I will not object if we decide that
> these changes will have to happen later on. We do not seem to have enough
> resources to push more SHA1 fixes through right now. So let's do whatever
> else we can get done instead.
Received on 2017-05-02 15:21:13 CEST