Article: https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/
Subversion makes a SHA1 hash for each resource held. It is certainly available as part of the detail for a file/resource, but I don't know to what extend the PUT logic relies on it. The ZDNet article talks of better algorithms, but perhaps isn't an authority on which one is best. I wonder if a pluggable design would work. Separately a mechanism for the server to reject a Subversion client as too old may be needed. - Paul
