On Fri, Feb 24, 2017 at 2:43 AM, Stefan wrote:
...
> Please note that normally we'd have shipped this version with OpenSSL
> 1.1.0c. However, we decided to postpone an upgrade to OpenSSL 1.1.0 for
> the time being due to Apache httpd not having a compatible release
> available
On 2/24/2017 11:06 AM, Johan Corveleyn wrote:
On Fri, Feb 24, 2017 at 2:43 AM, Stefan wrote:
...
Please note that normally we'd have shipped this version with OpenSSL
1.1.0c. However, we decided to postpone an upgrade to OpenSSL 1.1.0 for
the time being due to Apache httpd not
On Fri, Feb 24, 2017 at 3:39 AM, Stefan wrote:
> On 2/21/2017 13:54, Stefan Sperling wrote:
>> The new 1.10.1-alpha2 release is up for signing.
>>
>> The proposed 1.10.0-alpha1 release had a compilation problem on Windows.
>> The alpha2 release should fix this problem. It is
On 2/24/2017 6:26 AM, Daniel Shahaf wrote:
Andreas Stieger wrote on Thu, Feb 23, 2017 at 21:08:43 +0100:
+++ tools/dist/release.py (working copy)
@@ -537,9 +537,9 @@ def roll_tarballs(args):
shutil.move(filename, get_deploydir(args.base_dir))
filename =
On Fri, Feb 24, 2017 at 03:39:43AM +0100, Stefan wrote:
> On 2/21/2017 13:54, Stefan Sperling wrote:
> > The new 1.10.1-alpha2 release is up for signing.
> >
> > The proposed 1.10.0-alpha1 release had a compilation problem on Windows.
> > The alpha2 release should fix this problem. It is based on
On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
> Earlier today, the first known SHA1 collision was presented:
>
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
> http://shattered.io/
>
> It turns out that adding these two PDF files to a svn
On 24.02.2017 11:51, Stefan Sperling wrote:
> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
>> Earlier today, the first known SHA1 collision was presented:
>>
>>
>> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
>> http://shattered.io/
>>
>> It
On 2/24/2017 12:48 PM, Stefan Hett wrote:
On 2/24/2017 12:28 PM, Daniel Shahaf wrote:
Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
On 24.02.2017 11:51, Stefan Sperling wrote:
On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
Earlier today, the first known SHA1
On 24.02.2017 12:28, Daniel Shahaf wrote:
> Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
>> On 24.02.2017 11:51, Stefan Sperling wrote:
>>> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
Earlier today, the first known SHA1 collision was presented:
Linus weighs on on Git's use of SHA1 (may be interesting)
http://marc.info/?l=git=148787047422954=2
On 24.02.2017 14:52, Daniel Shahaf wrote:
> Branko Čibej wrote on Fri, Feb 24, 2017 at 12:59:16 +0100:
>> On 24.02.2017 12:28, Daniel Shahaf wrote:
>>> Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
This is precisely why rep-sharing is disabled by default when the
repository
Branko Čibej wrote on Fri, Feb 24, 2017 at 12:59:16 +0100:
> On 24.02.2017 12:28, Daniel Shahaf wrote:
> > Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
> >> This is precisely why rep-sharing is disabled by default when the
> >> repository is created.
> >
> > It's _enabled_ by
The whole idea of the pristine cache is handling duplicate files… I don’t see
what you are trying to solve by adding a salt.
The pristine store is not a password store, where expensive hashing is a good
feature… not a user facing slowdown and we never designed Subversion as a
storage area for
I remember some experiments in early development of WC-NG where we measured
which checksums worked vs which ones were too expensive. Going to the SHA1
family was at least 5 times more expensive or so…
We determined back then SHA1 was good enough for our use and that of our users
‘except for
Surely two files with the same hash was always a posibility, not matter what
the hash function is?
Barry
> On 24 Feb 2017, at 16:55, Mark Phippard wrote:
>
> Someone may want to jump in here:
>
> https://news.ycombinator.com/item?id=13725093
>
> Mark
>
>
>> On Feb 24,
Someone may want to jump in here:
https://news.ycombinator.com/item?id=13725093
Mark
> On Feb 24, 2017, at 5:51 AM, Stefan Sperling wrote:
>
>> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
>> Earlier today, the first known SHA1 collision was presented:
>>
Hi,
"Stefan Hett" wrote:
> On 2/23/2017 9:02 PM, Øyvind A. Holm wrote:
> > This is the only known SHA-1 collision at the moment, but Google will
> > release the collision code in 90 days, so we can expect this not to last
> > forever.
> Reading up on that in an article on a German magazine [1]
On 2/24/2017 11:35, Stefan Sperling wrote:
> On Fri, Feb 24, 2017 at 03:39:43AM +0100, Stefan wrote:
>> On 2/21/2017 13:54, Stefan Sperling wrote:
>>> The new 1.10.1-alpha2 release is up for signing.
>>>
>>> The proposed 1.10.0-alpha1 release had a compilation problem on Windows.
>>> The alpha2
On Fri, Feb 24, 2017 at 5:51 AM, Stefan Sperling wrote:
> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Řyvind A. Holm wrote:
> > Earlier today, the first known SHA1 collision was presented:
> >
> > https://security.googleblog.com/2017/02/announcing-first-
> sha1-collision.html
>
On Fri, Feb 24, 2017 at 01:03:09PM -0500, Mark Phippard wrote:
> Note that while this does fix the error, but because of the sha1 storage
> sharing in the working copy you actually do not get the correct files.
> Both PDF's wind up being the same file, I imagine whichever one you receive
> first
Hi,
This hook script can prevent further corruptions through files based on
the known two 320 bytes prefixes.
https://svn.apache.org/r1784336
Andreas
Andreas Stieger wrote on Fri, Feb 24, 2017 at 16:17:44 +0100:
> Hi,
>
> "Stefan Hett" wrote:
> > On 2/23/2017 9:02 PM, Øyvind A. Holm wrote:
> > > This is the only known SHA-1 collision at the moment, but Google will
> > > release the collision code in 90 days, so we can expect this not to last
>
On Fri, Feb 24, 2017 at 3:29 PM, wrote:
>...
> +++ subversion/trunk/tools/hook-scripts/reject-known-sha1-collisions.sh
> Fri Feb 24 21:29:04 2017
>
>...
> +$SVNLOOK changed -t "$TXN" "$REPOS"
> +if [ $? -ne 0 ]; then
> + echo $FILES >&2
> + echo "svnlook failed, possible
23 matches
Mail list logo