Re: [PATCH] reject SHA1 collisions

On 09.05.2017 15:25, Stefan Sperling wrote: On Tue, May 09, 2017 at 01:39:49PM +0200, Stefan Sperling wrote: On Tue, May 09, 2017 at 11:38:51AM +0200, Stefan Sperling wrote: On Tue, Apr 18, 2017 at 12:54:20AM +, Daniel Shahaf wrote: % svnadmin load r2 < dump <<< Started new transaction, ba

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

On Tue, May 09, 2017 at 06:48:03PM +0200, Johan Corveleyn wrote: > If needed, admins > can (re-)enable rep-sharing for an existing repository (as long as a > collision hasn't been committed yet), right? Sure. However, any content committed while rep-sharing was disabled will not be considered duri

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

On Tue, May 09, 2017 at 12:27:40PM -0400, Mark Phippard wrote: > From the best I can tell we have no plan on how or when we could support > this in the working copy. I have also seen a lot of people express > interest in the hook scripts to block the sha1 collisions and not any real > conversation

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

On Tue, May 9, 2017 at 6:27 PM, Mark Phippard wrote: > On Tue, May 9, 2017 at 12:08 PM, Stefan Sperling wrote: >> >> On Tue, May 09, 2017 at 03:44:22PM +, Daniel Shahaf wrote: >> > Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200: >> > > This could be further extended by the confi

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

On Tue, May 9, 2017 at 12:08 PM, Stefan Sperling wrote: > On Tue, May 09, 2017 at 03:44:22PM +, Daniel Shahaf wrote: > > Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200: > > > This could be further extended by the config knob to give users a > choice. > > > I don't see a good way

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

On Tue, May 09, 2017 at 03:44:22PM +, Daniel Shahaf wrote: > Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200: > > This could be further extended by the config knob to give users a choice. > > I don't see a good way of adding such a knob in a patch release, though. > > Just give th

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200: > This could be further extended by the config knob to give users a choice. > I don't see a good way of adding such a knob in a patch release, though. Just give the knob a name that indicates it's not forward compatible? For illustrati

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

+1 on rejection. On Tue, May 9, 2017 at 3:37 PM, Mark Phippard wrote: > On Tue, May 9, 2017 at 9:25 AM, Stefan Sperling wrote: >> >> On IRC, Branko and Johan raised concerns about the proposed backport. >> >> The proposed backport allows files with SHA1 collisions into the >> repository >> and a

Re: [PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

On Tue, May 9, 2017 at 9:25 AM, Stefan Sperling wrote: > On IRC, Branko and Johan raised concerns about the proposed backport. > > The proposed backport allows files with SHA1 collisions into the repository > and avoids de-duplication of such content by the rep-cache. It fixes the > integrity pro

[PATCH] reject SHA1 collisions (was: Re: Progress on SHA-1 fixes in patch releases?)

On Tue, May 09, 2017 at 01:39:49PM +0200, Stefan Sperling wrote: > On Tue, May 09, 2017 at 11:38:51AM +0200, Stefan Sperling wrote: > > On Tue, Apr 18, 2017 at 12:54:20AM +, Daniel Shahaf wrote: > > > % svnadmin load r2 < dump > > > <<< Started new transaction, based on original revision 1 > >