Maybe I'm making this too hard.... Here is plan B:
Continue to use SHA1 hashes as the "names" of artifacts. But also store a second hash for each artifact as a double-check against collisions. This would allow hash collisions to be detected immediately, and the colliding artifacts to be automatically shunned, or otherwise disabled, rendering them harmless.

The insight here is that SHA1 hash collisions never occur by accident. They are always the result of malice. So shunning the artifacts involved is never a problem.

The secondary hash could be any large hash. MD4 would probably be sufficient. SHA1 and MD4 are both broken (MD4 much more so) but nobody has yet devised two files that generate identical SHA1 and MD4 hashes at the same time! For the best defense, though, we might as well make the secondary hash SHA3-224.

If that is the only change, then the next release can be version 1.38. There is no need to go to version 2.0.

--
D. Richard Hipp
d...@sqlite.org
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
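
A sketch of the scheme proposed in the message above, as an added example that is not part of the original message and not Fossil's code: artifacts are named by a primary hash, a SHA3-224 value is stored beside each one, and a name whose secondary hash disagrees is shunned. `ArtifactStore`, `weak_name` and `constructed_colliding_pair` are hypothetical names, and `weak_name` is a constructed 8-bit truncation of SHA1 used only so that a collision can be shown with harmless sample inputs.

```python
import hashlib

def sha1_name(content):
    return hashlib.sha1(content).hexdigest()

def weak_name(content):
    # Constructed stand-in: an 8-bit truncation of SHA1, so collisions are
    # cheap to demonstrate. Not part of the proposal.
    return hashlib.sha1(content).hexdigest()[:2]

class ArtifactStore:
    def __init__(self, primary=sha1_name):
        self.primary = primary   # hash used as the artifact's name
        self.artifacts = {}      # name -> (secondary hash, content)
        self.shunned = set()     # names disabled after a detected collision

    def add(self, content):
        name = self.primary(content)
        if name in self.shunned:
            return "shunned", name
        check = hashlib.sha3_224(content).hexdigest()
        known = self.artifacts.get(name)
        if known is None:
            self.artifacts[name] = (check, content)
            return "stored", name
        if known[0] == check:
            return "duplicate", name      # same artifact seen again
        # Same name, different secondary hash: shun both colliding artifacts.
        del self.artifacts[name]
        self.shunned.add(name)
        return "collision", name

    def get(self, name):
        if name in self.shunned:
            raise KeyError(f"artifact {name} is shunned")
        return self.artifacts[name][1]

def constructed_colliding_pair(primary=weak_name):
    # Pigeonhole: 257 distinct inputs must repeat one of 256 possible names.
    seen = {}
    for i in range(257):
        content = b"constructed artifact %d" % i
        name = primary(content)
        if name in seen:
            return seen[name], content
        seen[name] = content

if __name__ == "__main__":
    store = ArtifactStore(primary=weak_name)
    first, second = constructed_colliding_pair()
    for blob in (first, second, first):
        print(store.add(blob))
```
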