Hi Richard,

Thanks for replying!

On 10/29/2015 06:13 PM, Richard Hipp wrote:
> On 10/29/15, Scott Robison <[email protected]> wrote:
>>  Why is the R card optional?
> 
> Because it is expensive to compute on large repos (ex: NetBSD) with
> hundreds of megabytes of content.  Some projects elect to omit it.

Therefore large projects have to choose between having
order-of-magnitude slower security checks and being liable to SHA1
collision attacks. Moreover, it is precisely those large projects that
suffer significantly from the slowdown that need additional protection
the most (since it is easier to hide a malicious needle in a bigger
haystack).

Best,
Eduard



_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
