1/ Warren the guy who knows nothing about software security talks about
software security ...Wow. I don't get this.
2/ semi?
> « I think Fossil is in a much better position to do this sort of migration
> than, say, Git, due to its semi-centralized nature »
This would convince people to use Git
Thank you Marc...
1/ I've said that it is needed to let people choose their digest algorithm...
a) of course the Fossil team does not take into account what I've said.
b) I was wondering in the past when would it be possible to the lambda guy to
break the sha1.Finally it is worse than what I've ex
On Thu, Feb 23, 2017 at 06:12:18PM -0500, Martin Gagnon wrote:
> Seems that Git can store both of them, I beleive it calculate the sha1
> on a combination of the filename and the content or something like that.
No, it stores the object type first, which effectively creates a
different block struct
On Feb 23, 2017, at 10:50 AM, Marc Simpson wrote:
>
> This may be of interest to some here, especially in light of previous
> SHA-1 related discussions on list:
>
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Before I respond, first know that I respond out of c
On Thu, Feb 23, 2017 at 03:18:29PM -0800, bch wrote:
[snip]
>
> Or more correctly, "a *subsequent* file with the same sha1 hash..." If you
> happened to commit the Trojan file first, the "good" commit would have been
> the one to fail.
>
True, but if you pull from untrusted user (or give push
On Feb 23, 2017 15:12, "Martin Gagnon" wrote:
On Thu, Feb 23, 2017 at 09:50:12AM -0800, Marc Simpson wrote:
> This may be of interest to some here, especially in light of previous
> SHA-1 related discussions on list:
>
> https://security.googleblog.com/2017/02/announcing-first-
sha1-collision.h
On Thu, Feb 23, 2017 at 09:50:12AM -0800, Marc Simpson wrote:
> This may be of interest to some here, especially in light of previous
> SHA-1 related discussions on list:
>
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
>
Also, Here's a related discussion from g
[Default] On Thu, 23 Feb 2017 09:50:12 -0800, Marc Simpson
wrote:
>This may be of interest to some here, especially in light of previous
>SHA-1 related discussions on list:
>
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Interesting.
https://shattered.io/ says:
This may be of interest to some here, especially in light of previous
SHA-1 related discussions on list:
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
/M
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
ht
9 matches
Mail list logo