Re: Switching from SHA1 to a checksum type without known collisions in 1.15 working copy format

Evgeny Kotkov via dev wrote on Sun, Jan 29, 2023 at 16:37:20 +0300: > Daniel Shahaf writes: > > > > (I'm not saying that the above rules have to be used in this particular > > > case > > > and that a veto is invalid, but still thought it’s worth mentioning.) > > > > > > > I vetoed the change be

Re: Switching from SHA1 to a checksum type without known collisions in 1.15 working copy format

Karl Fogel wrote on Mon, Jan 30, 2023 at 17:26:03 -0600: > On 29 Jan 2023, Evgeny Kotkov via dev wrote: > > I have *absolutely* no idea where "being railroaded through" comes > > from. Really, it's a wrong way of portraying and thinking about the > > events that have happened so far. > > > > Reit

Re: Switching from SHA1 to a checksum type without known collisions in 1.15 working copy format

Evgeny Kotkov via dev wrote on Sun, Jan 29, 2023 at 16:36:12 +0300: > Daniel Shahaf writes: > > > > That could happen after a public disclosure of a pair of executable > > > files/scripts where the forged version allows for remote code execution. > > > Or maybe something similar with a file forma