On Mon, Feb 27, 2017 at 8:59 PM, Richard Hipp <d...@sqlite.org> wrote:
> The insight here is that SHA1 hash collisions never occur by accident. > They are always the result of malice. So shunning the artifacts > involved is never a problem. > Isn't that what will already happen with the current version? If someone tries to commit an artifact that has a SHA1 hash that is already in the repo, fossil will assume it is the same artifact and not add the new one, effectively shunning it. However, I disagree with your assessment that it is always the result of malice. While it is definitely not an accident, it could be intentional, e.g. the recent WebKit SVN issue, where they wanted to add both PDFs from the SHAttered.io example to their repo for use in their test suite. -- ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
_______________________________________________ fossil-dev mailing list fossil-dev@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
