[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Continue the 1.10 alphas?

From: Jacek Materna <jacek_at_assembla.com>
Date: Tue, 2 May 2017 08:21:01 -0500

Great to hear on 1.10 move along.

On SHA1 I can help if you feel it may move things along in *parallel* - we
ended up having to use the pre-commit hook for our customer base as per
https://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/reject-known-sha1-collisions.sh?view=markup&pathrev=1784336

best.
-jacek

On Tue, May 2, 2017 at 3:32 AM, Stefan Sperling <stsp_at_elego.de> wrote:

> On Mon, May 01, 2017 at 11:57:54PM +0200, Johan Corveleyn wrote:
> > On Mon, May 1, 2017 at 10:54 PM, Julian Foad <julianfoad_at_apache.org>
> wrote:
> > > Just asking...
> > >
> > > As I understand it, we paused the issuing of 1.10 alpha releases
> because we
> > > considered that the final 1.10 release will need to address the SHA1
> > > collision issue otherwise it won't be considered a viable release.
> > >
> > > It seemed reasonable to pause for a bit while the SHA1 issue was
> worked on,
> > > and Stefan2 has done some work on that. But currently it seems that
> there is
> > > nobody doing any further work on it.
> > >
> > > We could continue waiting, or maybe now we should resume the alpha
> testing
> > > of the new features (conflict resolution), and let the SHA1 work be
> fixed as
> > > and when someone is motivated to do so (before or after 1.10). It
> seems to
> > > me that sometimes in open source we need to get on with doing what we
> can
> > > do, and just trust that someone else will do the rest.
> > >
> > > Thoughts?
> >
> > +1.
> >
> > I think this "pause-for-sha1-fixes" has now taken more than long
> > enough. We should try gathering our focus again on releasing 1.10, and
> > get the improvements it brings in the hands of users.
>
> I agree!
>
> I was one of the people pushing for more SHA1 fixes but I did not find
> time to do any of that work myself. I will not object if we decide that
> these changes will have to happen later on. We do not seem to have enough
> resources to push more SHA1 fixes through right now. So let's do whatever
> else we can get done instead.
> 

-- 
Jacek Materna
CTO
Assembla
210-410-7661
Received on 2017-05-02 15:21:13 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.