[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

From: Stefan Fuhrmann <stefan2_at_apache.org>
Date: Tue, 16 May 2017 20:59:23 +0200

On 16.05.2017 15:10, Jacek Materna wrote:
> On Sun, May 14, 2017 at 1:59 PM, Stefan Fuhrmann
> <stefanfuhrmann_at_alice-dsl.de> wrote:
>> On 09.05.2017 20:43, Stefan Sperling wrote:
>>> On Mon, May 08, 2017 at 10:46:39AM +0200, Jacek Materna wrote:
>>>> Team,
>>>>
>>>> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it
>>>> pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue
>>>> the
>>>> 1.10 alphas?" thread.
>>> I have added a small advisory-style writeup we could mail out along
>>> with a 1.9.6 release announcement: http://svn.apache.org/r1794624
>>> Does this look OK?
>>>
>>> Of course, the FAQ and such could still be updated.
>>>
>> Looks good!
>>
>> The only thing I'm not sure about is whether to
>> stress the fact that the user will also lose data.
>> It's there, implicitly, but the wording feels a bit
>> too focussed on the "errors and inconvenience"
>> side of things.
>>
>> -- Stefan^2.
>>
>>
> I have not changed the reference to the trunk version of the hook
> script as I have not seen a stable "release" branch/tag version which
> has it in place yet. I assume this will come after release.
>
> [[[
> Add to website FAQ around SHA-1 vulnerability
> ]]]
Thanks for the patch!
Committed as r1795354 with a few minor tweaks.

Although the mentioned 1.9.6 does not exist, yet,
I think the hook script solution is valid and useful
information to have in the FAQ. 1.9.6 will follow
soon, I hope.

Maybe, we should add a link to the advisory into
the FAQ.

-- Stefan^2.
Received on 2017-05-16 20:59:51 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.