[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 9 May 2017 18:08:24 +0200

On Tue, May 09, 2017 at 03:44:22PM +0000, Daniel Shahaf wrote:
> Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200:
> > This could be further extended by the config knob to give users a choice.
> > I don't see a good way of adding such a knob in a patch release, though.
>
> Just give the knob a name that indicates it's not forward compatible?
>
> For illustration, if the knob in 1.10 will be called "foo", then the
> knob in 1.9.6 could be named "SVN_NFC_foo", where the prefix stands for
> "svn not forward compatible".

For a patch release I would generally prefer a simple solution that
does not add knobs. A fix that people can install and forget about
is going to be appreciated the most after all the hype and worrying
this problem has caused.

And I wonder who would really want to tweak such a knob in the first place.
People who really wish to store SHA1 collisions in their FSFS repository
could just disable rep-sharing, couldn't they?
Received on 2017-05-09 18:08:36 CEST

This is an archived mail posted to the Subversion Dev mailing list.