[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Tue, 9 May 2017 16:12:17 +0000

Jacek Materna wrote on Tue, May 09, 2017 at 14:39:51 +0200:
> On Tue, May 9, 2017 at 2:12 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> > Jacek Materna wrote on Mon, May 08, 2017 at 10:46:39 +0200:
> >> Team,
> >>
> >> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it
> >> pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the
> >> 1.10 alphas?" thread.
> >>
> >> 1) We should bias towards pro-active mitigation of this issue in docs/code
> >> as we know a real solution will likely NOT come with 1.10 after all.
> >
> > Agreed: a solution in code would be preferable, but whichever cases are
> > not working as we want them to, should be documented.
> >
> >> 2) Consider patching 1.10 with de-duplication off by default ?
> >
> > What's the rationale behind this? (honest question)
> >
> > I can see that this would, for one, allow sha1 collisions to be
> > committed over RA, but I'm not sure what benefit you have in mind.
> >
>
> Apologize for the ambiguity. I had the representation sharing feature
> in-mind (fsfs.conf).
> Ideally we know we want to fix it so that it recognizes this scenario as
> two different files and does not try to share the content.

Current trunk behaves this way since r1785734/r1785754. Moreover, given
the status of the "[PATCH] reject SHA1 collisions" thread, it seems
likely that 1.10.0 will refuse to admit collisions into the repository
using a FSFS-level check that's active whenever rep-sharing is.
I assume these changes address the concern underlying your point #2?

Looking forward to the revised patch.

Cheers,

Daniel
Received on 2017-05-09 18:12:24 CEST

This is an archived mail posted to the Subversion Dev mailing list.