Stefan Sperling wrote on Tue, Apr 04, 2017 at 11:33:18 +0200: > On Mon, Feb 20, 2017 at 09:05:25AM +0100, Bert Huijben wrote: > > This code is still in trunk without any of the discussed improvements, so > > this change is currently part of 1.10.0-alpha1. > > > > If we don't implement the improvements I think we should check if we want > > to revert to the 1.0-1.9 behavior before we really look at releasing 1.10. > > > > See discussion below > > > > Bert > > I think the proposed approach as implemented on trunk can no longer be > considered viable, unfortunately, because of this step: > > > > >>> 4. Calculate SHA-1 checksum of detranslated contents of working file > > > >>> and compare it with pristine's checksum stored in wc.db. > > Given that the SHA1 collision problem is real, we are now trying to stop > relying on hashes to compare content. So it does not make sense to add > new code which relies on hashes in this way, in my opinion.
Note that we can still do what rep-cache now does: treat equality of checksums as a sensitive but not specific test for bit-for-bit equality; that is: checksum the file, and if the resulting value is equal to the stored value, do a full-text comparison too. I'm not saying that this is what libsvn_wc should do; I'm just pointing out that it is still possible to use sha1 safely. Cheers, Daniel > It seems that using SHA1 to compare content is key to the proposed approach. > If that is correct, then I don't agree with releasing 1.10 with this feature > and I would be in favour of reverting this change.
