[fossil-users] Proposed roadmap for Fossil 2.0

2017-02-26 Thread Richard Hipp
This message is cross-posted to fossil-users and fossil-dev. Follow-ups should go to fossil-dev only, please. Thanks. I propose that the next release of Fossil be called "Fossil 2.0", that it occur before Easter (2017-04-16), and that it have the following features: (1) Fossil 2.0 is backwards

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-26 Thread Ron W
On Thu, Feb 23, 2017 at 11:23 PM, wrote: > > Date: Fri, 24 Feb 2017 04:23:06 + (UTC) > From: "K. Fossil user" > To: Fossil SCM user's discussion > Subject: > 2/ semi? > > > « I

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-26 Thread Ron W
On Fri, Feb 24, 2017 at 5:54 PM, wrote: > > Date: Fri, 24 Feb 2017 20:38:48 +0100 > From: Joerg Sonnenberger > Subject: Re: [fossil-users] Google Security Blog: Announcing the first > SHA1 collision > > On Fri, Feb 24, 2017 at

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-26 Thread K. Fossil user
Hello, Does this mean that it is not so hard to adapt SHA algorithm to a better one? :D DRH suspected that it would be hard :D :D :D Of course I don't agree with DRH; I will never agree with him about security discuss either ... :-| Thanks to "sgbeal". :-) Best Regards K. From: Stephan

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-26 Thread Stephan Beal
On Sun, Feb 26, 2017 at 10:34 PM, Richard Hipp wrote: > And in any event, I don't think centralization is a factor here. > Fossil is better positioned than Git or Mercurial to transition to a > different hash algorithm because the Fossil implementation uses a > relational

Re: [fossil-users] Proposed roadmap for Fossil 2.0

2017-02-26 Thread Richard Hipp
On 2/26/17, Tony Papadimitriou wrote: > > how urgent is the need to > transition away from SHA1? > From a technical standpoint, it is not very urgent, in my assessment. However, from a PR standpoint, I think it needs to happen quickly. It can also be a big PR win if we are able

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-26 Thread Richard Hipp
On 2/23/17, Warren Young wrote: > > I think Fossil is in a much better position to do this sort of migration > than, say, Git, due to its semi-centralized nature. Though they are technically distinct, in the minds of many users Git and GitHub are the same thing. And GitHub

Re: [fossil-users] Proposed roadmap for Fossil 2.0

2017-02-26 Thread Tony Papadimitriou
Leaving aside for a moment the consequences in general of the presumed imminent SHA1 collapse (and some of the valid points already made by Linus regarding Git): If FOSSIL will refuse (and I actually tried it with those two same SHA1 PDFs) to accept a file (commit, push, pull) with the same

Re: [fossil-users] Google Security Blog: Announcing the first SHA1 collision

2017-02-26 Thread Ron W
On Thu, Feb 23, 2017 at 7:02 PM, wrote: > > Date: Thu, 23 Feb 2017 17:01:56 -0700 > From: Warren Young > Subject: Re: [fossil-users] Google Security Blog: Announcing the first > SHA1 collision > > The PHC scheme would allow

Re: [fossil-users] Proposed roadmap for Fossil 2.0

2017-02-26 Thread Ron Aaron
I'm happy to see you thinking along those lines. From a performance standpoint, I would rather see Fossil adopt the BLAKE2 hash, as it is one of the fastest of the SHA3 finalists, and has adjustable output hash size. On 27/02/2017 3:48, Richard Hipp wrote: > On 2/26/17, Tony Papadimitriou