Hello,

Given the fact that this is not an urgent requirement (all of us know that
SHA1 works quite well as a hash for vcs), I would take a more conservative
solution:

Version 2.1 uses SHA3 for new repositories or when actively required to do
it (with a rebuild with special options), and continues to use SHA1 for
existing repositories.

ADVANTAGES

1- Avoid the chaos of repositories that cannot be accessed because people
have an old version and they do not want to/cannot change the version

2- the motto "fossil is the first vcs to use SHA3..." is still valid

3- People concerned with SHA1 potential insecurity do "fossil rebuild
-converttosha3"

4- The rest of the world lives happily without a new artificial problem that
makes their lives more difficult

DISADVANTAGES

The effective conversion of existing fossil repositories to SHA3 will take
a little bit longer. Probably in 2 or 3 years nobody will use the old
versions and a more active conversion can be done. Is this so terrible?

RR

2017-03-01 23:38 GMT+01:00 Richard Hipp <[email protected]>:

> On 3/1/17, Tony Papadimitriou <[email protected]> wrote:
> >
> > I believe DRH asked for feedback.  And that was my feedback.
>
> Thank you.  Your responses are very useful to me.
>
> --
> D. Richard Hipp
> [email protected]
> _______________________________________________
> fossil-users mailing list
> [email protected]
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>