Not super-relevant in the short term (since it seems we are going in
the direction of always rejecting SHA-1 collisions to enter the
repository) but maybe useful in the future if we would ever support
sha1 collisions: on irc some ideas were floated for overcoming the
SHA1 dependence of ra_serf's pr
Bringing this point from irc to dev@, so it doesn't get lost:
In the context of the recent SHA1-collision problems, and the
viability of ra_serf's pristine-downloading-optimisation (which uses
SHA-1), Brane suggested on irc: RA optimization "should" become the
result of capability negotiation.
--
On Mon, May 08, 2017 at 10:46:39AM +0200, Jacek Materna wrote:
> Team,
>
> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it
> pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the
> 1.10 alphas?" thread.
I have added a small advisory-style writeup we
On Tue, May 09, 2017 at 06:48:03PM +0200, Johan Corveleyn wrote:
> If needed, admins
> can (re-)enable rep-sharing for an existing repository (as long as a
> collision hasn't been committed yet), right?
Sure. However, any content committed while rep-sharing was
disabled will not be considered duri
On Tue, May 09, 2017 at 12:27:40PM -0400, Mark Phippard wrote:
> From the best I can tell we have no plan on how or when we could support
> this in the working copy. I have also seen a lot of people express
> interest in the hook scripts to block the sha1 collisions and not any real
> conversation
On Tue, May 9, 2017 at 6:27 PM, Mark Phippard wrote:
> On Tue, May 9, 2017 at 12:08 PM, Stefan Sperling wrote:
>>
>> On Tue, May 09, 2017 at 03:44:22PM +, Daniel Shahaf wrote:
>> > Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200:
>> > > This could be further extended by the confi
On Tue, May 9, 2017 at 12:08 PM, Stefan Sperling wrote:
> On Tue, May 09, 2017 at 03:44:22PM +, Daniel Shahaf wrote:
> > Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200:
> > > This could be further extended by the config knob to give users a
> choice.
> > > I don't see a good way
Jacek Materna wrote on Tue, May 09, 2017 at 14:39:51 +0200:
> On Tue, May 9, 2017 at 2:12 PM, Daniel Shahaf wrote:
> > Jacek Materna wrote on Mon, May 08, 2017 at 10:46:39 +0200:
> >> Team,
> >>
> >> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it
> >> pertains to the SHA
On Tue, May 09, 2017 at 03:44:22PM +, Daniel Shahaf wrote:
> Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200:
> > This could be further extended by the config knob to give users a choice.
> > I don't see a good way of adding such a knob in a patch release, though.
>
> Just give th
Stefan Sperling wrote on Tue, May 09, 2017 at 15:25:23 +0200:
> This could be further extended by the config knob to give users a choice.
> I don't see a good way of adding such a knob in a patch release, though.
Just give the knob a name that indicates it's not forward compatible?
For illustrati
+1 on rejection.
On Tue, May 9, 2017 at 3:37 PM, Mark Phippard wrote:
> On Tue, May 9, 2017 at 9:25 AM, Stefan Sperling wrote:
>>
>> On IRC, Branko and Johan raised concerns about the proposed backport.
>>
>> The proposed backport allows files with SHA1 collisions into the
>> repository
>> and a
On Tue, May 9, 2017 at 9:25 AM, Stefan Sperling wrote:
> On IRC, Branko and Johan raised concerns about the proposed backport.
>
> The proposed backport allows files with SHA1 collisions into the repository
> and avoids de-duplication of such content by the rep-cache. It fixes the
> integrity pro
On Tue, May 9, 2017 at 8:02 AM, James McCoy wrote:
> > Subversion is a library and we should be very careful about this. I
> think this code is by default left out on Windows, but there are tons of
> cert reports where just loading a library dynamically to test something is
> a security problem,
Just observing from afar, in my opinion the root of what you are
trying to achieve here ties more to a lack of 'modern' collaboration.
If we want to engage the community/users more (expand the
IB/participation sphere - new - users) I would also explore
alternative mediums (versus email). One of the
On Tue, May 09, 2017 at 01:39:49PM +0200, Stefan Sperling wrote:
> On Tue, May 09, 2017 at 11:38:51AM +0200, Stefan Sperling wrote:
> > On Tue, Apr 18, 2017 at 12:54:20AM +, Daniel Shahaf wrote:
> > > % svnadmin load r2 < dump
> > > <<< Started new transaction, based on original revision 1
> >
Hi,
On Tue, May 9, 2017 at 2:12 PM, Daniel Shahaf wrote:
> Jacek Materna wrote on Mon, May 08, 2017 at 10:46:39 +0200:
>> Team,
>>
>> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it
>> pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the
>> 1.10 al
Jacek Materna wrote on Mon, May 08, 2017 at 10:46:39 +0200:
> Team,
>
> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it
> pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the
> 1.10 alphas?" thread.
>
> 1) We should bias towards pro-active mitigati
Stefan Sperling wrote on Thu, Mar 30, 2017 at 19:40:10 +0200:
> Should we disable ra_serf's callback for fetching content from the
> pristine store instead of from the repository when SHA1 matches?
> This could be done without a format change.
On IRC today, Johan and I both think that that optimis
On Tue, May 09, 2017 at 01:00:00PM +0200, Bert Huijben wrote:
> > -Original Message-
> > From: Stefan Sperling [mailto:s...@elego.de]
> > Sent: dinsdag 9 mei 2017 11:26
> > To: Bert Huijben
> > Cc: dev@subversion.apache.org
> > Subject: Re: svn commit: r1794433 - /subversion/branches/1.9.x
On Tue, May 09, 2017 at 11:38:51AM +0200, Stefan Sperling wrote:
> On Tue, Apr 18, 2017 at 12:54:20AM +, Daniel Shahaf wrote:
> > % svnadmin load r2 < dump
> > <<< Started new transaction, based on original revision 1
> > * editing path : shattered-1.pdf ... done.
> > * editing path
On Tue, May 09, 2017 at 01:00:00PM +0200, Bert Huijben wrote:
>
>
> > -Original Message-
> > From: Stefan Sperling [mailto:s...@elego.de]
> > Sent: dinsdag 9 mei 2017 11:26
> > To: Bert Huijben
> > Cc: dev@subversion.apache.org
> > Subject: Re: svn commit: r1794433 - /subversion/branches
On Tue, May 9, 2017 at 1:06 PM, Daniel Shahaf wrote:
> Andreas Stieger wrote on Tue, May 09, 2017 at 12:55:31 +0200:
>> Daniel Shahaf wrote:
>> > One of the ideas that came up was to establish a dedicated mailing list
>> > for beta / pre-release feedback. The thinking is that having a channel
>>
On Tue, Apr 4, 2017 at 11:33 AM, Stefan Sperling wrote:
> On Mon, Feb 20, 2017 at 09:05:25AM +0100, Bert Huijben wrote:
>> This code is still in trunk without any of the discussed improvements, so
>> this change is currently part of 1.10.0-alpha1.
>>
>> If we don't implement the improvements I thi
Andreas Stieger wrote on Tue, May 09, 2017 at 12:55:31 +0200:
> Daniel Shahaf wrote:
> > One of the ideas that came up was to establish a dedicated mailing list
> > for beta / pre-release feedback. The thinking is that having a channel
> > for advanced users to discuss 1.10-dev issues in — without
Stefan Sperling wrote on Tue, May 09, 2017 at 11:26:26 +0200:
> I am fine with restricting the PATH if that's a concern. Not sure what
> this would look like on Windows but we could probably restrict it to
> something like "/usr/bin:/usr/local/bin" on Unix-like systems without
> much risk of breaki
> -Original Message-
> From: Stefan Sperling [mailto:s...@elego.de]
> Sent: dinsdag 9 mei 2017 11:26
> To: Bert Huijben
> Cc: dev@subversion.apache.org
> Subject: Re: svn commit: r1794433 - /subversion/branches/1.9.x/STATUS
>
> On Tue, May 09, 2017 at 09:13:57AM +0200, Bert Huijben wrot
I know for a fact that UX is already a major decision point around choosing
Subversion over modern alternatives.
What have we done in the past? A staggered +1 release model seems worthy
where we announce it in version A [with it disabled] to allow users to
"opt-in".
If the value is there, users wi
Daniel Shahaf wrote:
> One of the ideas that came up was to establish a dedicated mailing list
> for beta / pre-release feedback. The thinking is that having a channel
> for advanced users to discuss 1.10-dev issues in — without noise from
> support requests or design discussions — might encourage
On Tue, May 09, 2017 at 10:40:17AM +, Daniel Shahaf wrote:
> Johan, Stefan and I were talking on IRC about getting more people (devs
> and users) to run trunk / prereleases, in order to find more bugs before
> .0's release.
>
> One of the ideas that came up was to establish a dedicated mailing
Johan, Stefan and I were talking on IRC about getting more people (devs
and users) to run trunk / prereleases, in order to find more bugs before
.0's release.
One of the ideas that came up was to establish a dedicated mailing list
for beta / pre-release feedback. The thinking is that having a cha
I have seen several instances of proposals in our STATUS file where I
cannot merge without text conflicts because I am using a trunk client.
I suppose most of us use 1.9.x clients to do such merges, because
otherwise there would be a lot more backport branches in STATUS when
nominations get added,
On Tue, Apr 18, 2017 at 12:54:20AM +, Daniel Shahaf wrote:
> % svnadmin load r2 < dump
> <<< Started new transaction, based on original revision 1
> * editing path : shattered-1.pdf ... done.
> * editing path : shattered-2.pdf ...svnadmin: E200014: Checksum mismatch
> for '/shattere
On Tue, May 09, 2017 at 09:13:57AM +0200, Bert Huijben wrote:
> I haven’t investigated this any further, but do we now try to start the
> gpg-agent on every invocation of a command just to poll if we perhaps have a
> GPG agent running, and might want to use that authentication option?
No. gpgconf
I haven’t investigated this any further, but do we now try to start the
gpg-agent on every invocation of a command just to poll if we perhaps have a
GPG agent running, and might want to use that authentication option?
I don’t think we want to do that as a simple replacement of a cheap check of a
34 matches
Mail list logo
