Great to hear on 1.10 move along. On SHA1 I can help if you feel it may move things along in *parallel* - we ended up having to use the pre-commit hook for our customer base as per https://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/reject-known-sha1-collisions.sh?view=markup&pathrev=1784336
best. -jacek On Tue, May 2, 2017 at 3:32 AM, Stefan Sperling <s...@elego.de> wrote: > On Mon, May 01, 2017 at 11:57:54PM +0200, Johan Corveleyn wrote: > > On Mon, May 1, 2017 at 10:54 PM, Julian Foad <julianf...@apache.org> > wrote: > > > Just asking... > > > > > > As I understand it, we paused the issuing of 1.10 alpha releases > because we > > > considered that the final 1.10 release will need to address the SHA1 > > > collision issue otherwise it won't be considered a viable release. > > > > > > It seemed reasonable to pause for a bit while the SHA1 issue was > worked on, > > > and Stefan2 has done some work on that. But currently it seems that > there is > > > nobody doing any further work on it. > > > > > > We could continue waiting, or maybe now we should resume the alpha > testing > > > of the new features (conflict resolution), and let the SHA1 work be > fixed as > > > and when someone is motivated to do so (before or after 1.10). It > seems to > > > me that sometimes in open source we need to get on with doing what we > can > > > do, and just trust that someone else will do the rest. > > > > > > Thoughts? > > > > +1. > > > > I think this "pause-for-sha1-fixes" has now taken more than long > > enough. We should try gathering our focus again on releasing 1.10, and > > get the improvements it brings in the hands of users. > > I agree! > > I was one of the people pushing for more SHA1 fixes but I did not find > time to do any of that work myself. I will not object if we decide that > these changes will have to happen later on. We do not seem to have enough > resources to push more SHA1 fixes through right now. So let's do whatever > else we can get done instead. > -- Jacek Materna CTO Assembla 210-410-7661
