Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 9 May 2017 18:08:24 +0200

On Tue, May 09, 2017 at 03:44:22PM +0000, Daniel Shahaf wrote:
> Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200:
> > This could be further extended by the config knob to give users a choice.
> > I don't see a good way of adding such a knob in a patch release, though.
>
> Just give the knob a name that indicates it's not forward compatible?
>
> For illustration, if the knob in 1.10 will be called "foo", then the
> knob in 1.9.6 could be named "SVN_NFC_foo", where the prefix stands for
> "svn not forward compatible".

For a patch release I would generally prefer a simple solution that
does not add knobs. A fix that people can install and forget about
is going to be appreciated the most after all the hype and worrying
this problem has caused.

And I wonder who would really want to tweak such a knob in the first place.
People who really wish to store SHA1 collisions in their FSFS repository
could just disable rep-sharing, couldn't they?
Received on 2017-05-09 18:08:36 CEST

This message: [ Message body ]
Next message: Daniel Shahaf: "Re: [PATCH] 1.10 Release notes and FAQ around SHA-1"
Previous message: Daniel Shahaf: "Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)"
In reply to: Daniel Shahaf: "Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)"
Next in thread: Mark Phippard: "Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)"
Reply: Mark Phippard: "Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]