subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johan Corveleyn <jcor...@gmail.com>
Subject Re: Check SHA vs Content (was: RE: svn commit: r1759233 - /subversion/trunk/subversion/libsvn_wc/questions.c)
Date Tue, 09 May 2017 11:21:36 GMT
On Tue, Apr 4, 2017 at 11:33 AM, Stefan Sperling <stsp@elego.de> wrote:
> On Mon, Feb 20, 2017 at 09:05:25AM +0100, Bert Huijben wrote:
>> This code is still in trunk without any of the discussed improvements, so
>> this change is currently part of 1.10.0-alpha1.
>>
>> If we don't implement the improvements I think we should check if we want
>> to revert to the 1.0-1.9 behavior before we really look at releasing 1.10.
>>
>> See discussion below
>>
>>     Bert
>
> I think the proposed approach as implemented on trunk can no longer be
> considered viable, unfortunately, because of this step:
>
>> > >>> 4. Calculate SHA-1 checksum of detranslated contents of working
file
>> > >>>    and compare it with pristine's checksum stored in wc.db.
>
> Given that the SHA1 collision problem is real, we are now trying to stop
> relying on hashes to compare content. So it does not make sense to add
> new code which relies on hashes in this way, in my opinion.
>
> It seems that using SHA1 to compare content is key to the proposed approach.
> If that is correct, then I don't agree with releasing 1.10 with this feature
> and I would be in favour of reverting this change.
>
> Ivan, do you have any further comments on this thread? You have remained
> silent for quite some time now :(

Where are we with this? Seems the consensus is to revert r1759233 to
not further increase our reliance on sha1? Or is there still a way to
keep r1759233 in some way, and improve it to make the sha1 test
"sensitive but not specific", like danielsh proposed?

Ivan?

-- 
Johan

Mime
View raw message