[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r1794632 - /subversion/trunk/notes/sha1-advisory.txt

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Thu, 11 May 2017 05:49:13 +0000

Daniel Shahaf wrote on Thu, May 11, 2017 at 05:20:53 +0000:
> Johan Corveleyn wrote on Thu, May 11, 2017 at 01:34:18 +0200:
> > Maybe something like this?
> >
> > "Subversion repositories can be broken, becoming partly inaccessible,
> > by committing two files which have different content, yet produce the
> > same SHA1 checksum. There is no data loss, but parts of the repository
> > can no longer be checked out or committed into."
>
> Well, there _is_ data loss, so:
>
> Subversion fails to store a file that has the same sha1 as another
> file in the repository. Attempts to retrieve the first file would
> fail with a checksum error (from the md5 checksum that we also use),
> however, if the two files had not only equal sha1's but also equal md5's,
> then the wrong content would silently be returned.
>
> Plus a blurb about how that's not going to ever happen by accident.

Oops, that was a suggested Details section, but we're talking about the
Summary section. Pretend I suggested:

    Subversion repositories, in the default configuration, fail to store
    a file that has the same SHA-1 checksum as another file.
Received on 2017-05-11 07:49:26 CEST

This is an archived mail posted to the Subversion Dev mailing list.