On Fri, Feb 24, 2017 at 3:39 AM, Stefan wrote:
> On 2/21/2017 13:54, Stefan Sperling wrote:
>> The new 1.10.1-alpha2 release is up for signing.
>>
>> The proposed 1.10.0-alpha1 release had a compilation problem on Windows.
>> The alpha2 release should fix this problem. It is based on trunk@r178388
On Fri, Feb 24, 2017 at 2:43 AM, Stefan wrote:
...
> Please note that normally we'd have shipped this version with OpenSSL
> 1.1.0c. However, we decided to postpone an upgrade to OpenSSL 1.1.0 for
> the time being due to Apache httpd not having a compatible release
> available just yet.
I also tr
On 2/24/2017 11:06 AM, Johan Corveleyn wrote:
On Fri, Feb 24, 2017 at 2:43 AM, Stefan wrote:
...
Please note that normally we'd have shipped this version with OpenSSL
1.1.0c. However, we decided to postpone an upgrade to OpenSSL 1.1.0 for
the time being due to Apache httpd not having a compatib
On 2/24/2017 6:26 AM, Daniel Shahaf wrote:
Andreas Stieger wrote on Thu, Feb 23, 2017 at 21:08:43 +0100:
+++ tools/dist/release.py (working copy)
@@ -537,9 +537,9 @@ def roll_tarballs(args):
shutil.move(filename, get_deploydir(args.base_dir))
filename = os.path.join
On Fri, Feb 24, 2017 at 03:39:43AM +0100, Stefan wrote:
> On 2/21/2017 13:54, Stefan Sperling wrote:
> > The new 1.10.1-alpha2 release is up for signing.
> >
> > The proposed 1.10.0-alpha1 release had a compilation problem on Windows.
> > The alpha2 release should fix this problem. It is based on t
On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
> Earlier today, the first known SHA1 collision was presented:
>
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
> http://shattered.io/
>
> It turns out that adding these two PDF files to a svn repo
On 24.02.2017 11:51, Stefan Sperling wrote:
> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
>> Earlier today, the first known SHA1 collision was presented:
>>
>>
>> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
>> http://shattered.io/
>>
>> It t
Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
> On 24.02.2017 11:51, Stefan Sperling wrote:
> > On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
> >> Earlier today, the first known SHA1 collision was presented:
> >>
> >>
> >> https://security.googleblog.com/2017/02/an
On 2/24/2017 12:28 PM, Daniel Shahaf wrote:
Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
On 24.02.2017 11:51, Stefan Sperling wrote:
On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
Earlier today, the first known SHA1 collision was presented:
https://security.g
On 2/24/2017 12:48 PM, Stefan Hett wrote:
On 2/24/2017 12:28 PM, Daniel Shahaf wrote:
Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
On 24.02.2017 11:51, Stefan Sperling wrote:
On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
Earlier today, the first known SHA1 coll
On 24.02.2017 12:28, Daniel Shahaf wrote:
> Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
>> On 24.02.2017 11:51, Stefan Sperling wrote:
>>> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
Earlier today, the first known SHA1 collision was presented:
>>
Linus weighs on on Git's use of SHA1 (may be interesting)
http://marc.info/?l=git&m=148787047422954&w=2
> Linus weighs on on Git's use of SHA1 (may be interesting)
> http://marc.info/?l=git&m=148787047422954&w=2
It affects svn more due to it's use of sha1 for versioned entities (here:
files) rather than trees.
Andreas
Hello,
> > Should we keep generating both .sha1 and .sha512 for a transition
> > period?
> >
> IMO this would make sense. At least on Windows there are still several
> tools to verify file integrity which don't support SHA-512 just yet (one
> example [1]). Might pose another burden for some user
On 24.02.2017 13:41, Andreas Stieger wrote:
>> Linus weighs on on Git's use of SHA1 (may be interesting)
>> http://marc.info/?l=git&m=148787047422954&w=2
> It affects svn more due to it's use of sha1 for versioned entities (here:
> files) rather than trees.
Except that content indexing in Subvers
Branko Čibej wrote on Fri, Feb 24, 2017 at 12:59:16 +0100:
> On 24.02.2017 12:28, Daniel Shahaf wrote:
> > Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
> >> This is precisely why rep-sharing is disabled by default when the
> >> repository is created.
> >
> > It's _enabled_ by default:
On 24.02.2017 14:52, Daniel Shahaf wrote:
> Branko Čibej wrote on Fri, Feb 24, 2017 at 12:59:16 +0100:
>> On 24.02.2017 12:28, Daniel Shahaf wrote:
>>> Branko Čibej wrote on Fri, Feb 24, 2017 at 12:18:05 +0100:
This is precisely why rep-sharing is disabled by default when the
repository i
On 2/23/2017 9:02 PM, Øyvind A. Holm wrote:
This is the only known SHA-1 collision at the moment, but Google will
release the collision code in 90 days, so we can expect this not to last
forever.
Reading up on that in an article on a German magazine [1] clarifies that
the effort to create that h
Hi,
"Stefan Hett" wrote:
> On 2/23/2017 9:02 PM, Øyvind A. Holm wrote:
> > This is the only known SHA-1 collision at the moment, but Google will
> > release the collision code in 90 days, so we can expect this not to last
> > forever.
> Reading up on that in an article on a German magazine [1] cla
On 2/24/2017 11:35, Stefan Sperling wrote:
> On Fri, Feb 24, 2017 at 03:39:43AM +0100, Stefan wrote:
>> On 2/21/2017 13:54, Stefan Sperling wrote:
>>> The new 1.10.1-alpha2 release is up for signing.
>>>
>>> The proposed 1.10.0-alpha1 release had a compilation problem on Windows.
>>> The alpha2 rel
On Fri, Feb 24, 2017 at 04:17:44PM +0100, Andreas Stieger wrote:
> Hi,
>
> "Stefan Hett" wrote:
> > On 2/23/2017 9:02 PM, Øyvind A. Holm wrote:
> > > This is the only known SHA-1 collision at the moment, but Google will
> > > release the collision code in 90 days, so we can expect this not to last
Someone may want to jump in here:
https://news.ycombinator.com/item?id=13725093
Mark
> On Feb 24, 2017, at 5:51 AM, Stefan Sperling wrote:
>
>> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Øyvind A. Holm wrote:
>> Earlier today, the first known SHA1 collision was presented:
>>
>> https://secur
Surely two files with the same hash was always a posibility, not matter what
the hash function is?
Barry
> On 24 Feb 2017, at 16:55, Mark Phippard wrote:
>
> Someone may want to jump in here:
>
> https://news.ycombinator.com/item?id=13725093
>
> Mark
>
>
>> On Feb 24, 2017, at 5:51 AM, Ste
On Fri, Feb 24, 2017 at 5:51 AM, Stefan Sperling wrote:
> On Thu, Feb 23, 2017 at 09:02:28PM +0100, Řyvind A. Holm wrote:
> > Earlier today, the first known SHA1 collision was presented:
> >
> > https://security.googleblog.com/2017/02/announcing-first-
> sha1-collision.html
> > http://shatter
On Fri, Feb 24, 2017 at 01:03:09PM -0500, Mark Phippard wrote:
> Note that while this does fix the error, but because of the sha1 storage
> sharing in the working copy you actually do not get the correct files.
> Both PDF's wind up being the same file, I imagine whichever one you receive
> first is
Hi,
This hook script can prevent further corruptions through files based on
the known two 320 bytes prefixes.
https://svn.apache.org/r1784336
Andreas
Andreas Stieger wrote on Fri, Feb 24, 2017 at 16:17:44 +0100:
> Hi,
>
> "Stefan Hett" wrote:
> > On 2/23/2017 9:02 PM, Øyvind A. Holm wrote:
> > > This is the only known SHA-1 collision at the moment, but Google will
> > > release the collision code in 90 days, so we can expect this not to last
>
On Fri, Feb 24, 2017 at 3:29 PM, wrote:
>...
> +++ subversion/trunk/tools/hook-scripts/reject-known-sha1-collisions.sh
> Fri Feb 24 21:29:04 2017
>
>...
> +$SVNLOOK changed -t "$TXN" "$REPOS"
> +if [ $? -ne 0 ]; then
> + echo $FILES >&2
> + echo "svnlook failed, possible SHA-1 collision" >&2
>
I remember some experiments in early development of WC-NG where we measured
which checksums worked vs which ones were too expensive. Going to the SHA1
family was at least 5 times more expensive or so…
We determined back then SHA1 was good enough for our use and that of our users
‘except for tho
The whole idea of the pristine cache is handling duplicate files… I don’t see
what you are trying to solve by adding a salt.
The pristine store is not a password store, where expensive hashing is a good
feature… not a user facing slowdown and we never designed Subversion as a
storage area for
30 matches
Mail list logo
