[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SHA1 collisions became cheaper to create.

From: Paul Hammant <paul_at_hammant.org>
Date: Wed, 15 May 2019 14:03:22 +0100

Yes, Subversion would remain good a keeping versions of honest development work.

Problem I'm trying to solve: In an audit situation where prior commits
were to be analyzed the owner of the repo that was motivated enough
could tell the auditor that black was while in respect of a certain
historical commit. Assuming the auditor had prior SHA1s (in lieu of a
full Merkle tree), for the resources at a historical revision under

Granted PDF payloads (& other large encoded-stream binaries like
movies) are susceptible for such retroactive fakery, whereas
CR-delimited text files with plausible content are not retroactively
fake-able without that being clear to the eye: "Hey, that's not a C
source file".

Feel free to ignore - this can wait a number of years.
Received on 2019-05-15 15:03:29 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.