Re: svn commit: r1794632 - /subversion/trunk/notes/sha1-advisory.txt

From: Stefan Sperling <stsp_at_elego.de>
Date: Thu, 11 May 2017 10:18:29 +0200

On Thu, May 11, 2017 at 05:49:13AM +0000, Daniel Shahaf wrote:
> Daniel Shahaf wrote on Thu, May 11, 2017 at 05:20:53 +0000:
> > Johan Corveleyn wrote on Thu, May 11, 2017 at 01:34:18 +0200:
> > > Maybe something like this?
> > >
> > > "Subversion repositories can be broken, becoming partly inaccessible,
> > > by committing two files which have different content, yet produce the
> > > same SHA1 checksum. There is no data loss, but parts of the repository
> > > can no longer be checked out or committed into."
> >
> > Well, there _is_ data loss, so:
> >
> > Subversion fails to store a file that has the same sha1 as another
> > file in the repository. Attempts to retrieve the first file would
> > fail with a checksum error (from the md5 checksum that we also use),
> > however, if the two files had not only equal sha1's but also equal md5's,
> > then the wrong content would silently be returned.
> >
> > Plus a blurb about how that's not going to ever happen by accident.
>
> Oops, that was a suggested Details section, but we're talking about the
> Summary section. Pretend I suggested:
>
> Subversion repositories, in the default configuration, fail to store
> a file that has the same SHA-1 checksum as another file.

Please just go ahead and commit any changes you want to make to the file.
That would be a bit easier to follow and review.

We still have some time before we need a final version we all agree on.
Received on 2017-05-11 10:21:01 CEST

This is an archived mail posted to the Subversion Dev mailing list.
