Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-24 Thread Ross Berteig
On 2/23/2017 4:01 PM, Warren Young wrote: The PHC scheme would allow Fossil to migrate to something stronger in a backwards-compatible fashion: https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md That is, if the hash argument in the F, P, and Q cards is not 40

Re: [fossil-users] Obsolete, unset, and unused columns in Fossil DB

2017-02-24 Thread Richard Hipp
On 2/24/17, Warren Young wrote: > While poking around inside the Fossil DB, I came away with several > questions: > > 1. What is event.euser? This column seems completely unused on my largest > repository. (select distinct count(euser) from event == 0) I’ve tried > grepping

[fossil-users] Fixing incorrect user names imported from another SCM

2017-02-24 Thread Warren Young
While looking at the main /reports page (Timeline Events by User) on a long-lived repo originally converted from Subversion (itself converted from CVS), I saw some old user names that don’t match the user names currently defined in Fossil’s user table. These were imported from our prior SCM(s)

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-24 Thread Joerg Sonnenberger
On Thu, Feb 23, 2017 at 05:01:56PM -0700, Warren Young wrote: > Second, there will be those who say we’ve covered all of this already, > multiple times. I know, I was there. But now we have new data. > Before, this sort of attack was theoretical only. Now it’s not only > proven possible, it is

Re: [fossil-users] Fixing incorrect user names imported from another SCM

2017-02-24 Thread Joerg Sonnenberger
On Fri, Feb 24, 2017 at 10:27:11AM -0700, Warren Young wrote: > What table did I miss updating? Where is “fossil clone” getting the old user > names from? From the blob table :) Joerg ___ fossil-users mailing list fossil-users@lists.fossil-scm.org

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-24 Thread bch
Are you saying: contenthash = sha256(content); identifier = sha256 (contenthash . blobtype . contentsize . content); "blobtype" == cardtype ? -bch On 2/24/17, Joerg Sonnenberger wrote: > On Thu, Feb 23, 2017 at 05:01:56PM -0700, Warren Young wrote: >> Second, there will be

[fossil-users] Obsolete, unset, and unused columns in Fossil DB

2017-02-24 Thread Warren Young
While poking around inside the Fossil DB, I came away with several questions: 1. What is event.euser? This column seems completely unused on my largest repository. (select distinct count(euser) from event == 0) I’ve tried grepping the source, and all I saw is a bunch of coalesce(user,euser)

Re: [fossil-users] Fixing incorrect user names imported from another SCM

2017-02-24 Thread Warren Young
On Feb 24, 2017, at 10:49 AM, Joerg Sonnenberger wrote: > > On Fri, Feb 24, 2017 at 10:27:11AM -0700, Warren Young wrote: >> What table did I miss updating? Where is “fossil clone” getting the old >> user names from? > > From the blob table :) I assume you mean the U card in

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-24 Thread Joerg Sonnenberger
On Fri, Feb 24, 2017 at 10:32:20AM -0800, bch wrote: > Are you saying: > > contenthash = sha256(content); > identifier = sha256 (contenthash . blobtype . contentsize . content); > > "blobtype" == cardtype ? Yes. Joerg

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-24 Thread Warren Young
On Feb 24, 2017, at 10:37 AM, Joerg Sonnenberger wrote: > > On Thu, Feb 23, 2017 at 05:01:56PM -0700, Warren Young wrote: >> But now we have new data. >> Before, this sort of attack was theoretical only. Now it’s not only >> proven possible, it is already within the ROI budget for