On 11/29/17, Joerg Sonnenberger <[email protected]> wrote:
>>
>> For example, if checkin [1234abcd] has a comment that refers to ticket
>> [bcdef522] which in turn refers to artifact ID [6543cfe], is the
>> migration tool expected to chase and re-point all those links when all
>> the hashes change?
>
> That can be handled by adding optional aliases. Old links will remain
> valid even though the integrity of the repository depends on the
> stronger hash.
Yes, that could be done, in theory. But then we'd have to invent a
new artifact type to communicate the aliases, or else the links would
work on the original repository only, and fail on clones. That's a
lot of extra complication. Isn't it better just to keep the legacy
SHA1 hashes and use SHA3 moving forwards?
FWIW, Fossil now uses Marc Stevens and Dan Shumow's "hardened SHA1"
for legacy hashes. Hardened SHA1 is not vulnerable to the SHAttered
attach. See
https://github.com/cr-marcstevens/sha1collisiondetection
for additional information.
--
D. Richard Hipp
[email protected]
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
