Re: SHA1 collisions became cheaper to create.
The Git folks moved to a hardened SHA1 function as an interim measure
on the way to SHA-256 -
I think you're generally right. While I might think that an auditor
would simply be advised of the root hash for a Merkle tree that for a
branch at a moment in time, or a tag, Subversion doesn't have a a
Merkle tree under the hood. I coded something niche to retrofit
Subversion with that, but it's not core and far from perfect as it
relies on an LRU cache and keeps no history itself. Git's merkle tree
would be perfect if it didn't blow up when repos get too big, and if
allowed clone from nodes other than root (branches and tags are in
respect of root of course). So, ignore me here.
Received on 2019-05-21 07:06:42 CEST
This is an archived mail posted to the Subversion Dev