On 16.05.2017 15:10, Jacek Materna wrote:
On Sun, May 14, 2017 at 1:59 PM, Stefan Fuhrmann
<stefanfuhrm...@alice-dsl.de> wrote:
On 09.05.2017 20:43, Stefan Sperling wrote:
On Mon, May 08, 2017 at 10:46:39AM +0200, Jacek Materna wrote:
Team,
I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it
pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue
the
1.10 alphas?" thread.
I have added a small advisory-style writeup we could mail out along
with a 1.9.6 release announcement: http://svn.apache.org/r1794624
Does this look OK?
Of course, the FAQ and such could still be updated.
Looks good!
The only thing I'm not sure about is whether to
stress the fact that the user will also lose data.
It's there, implicitly, but the wording feels a bit
too focussed on the "errors and inconvenience"
side of things.
-- Stefan^2.
I have not changed the reference to the trunk version of the hook
script as I have not seen a stable "release" branch/tag version which
has it in place yet. I assume this will come after release.
[[[
Add to website FAQ around SHA-1 vulnerability
]]]
Thanks for the patch!
Committed as r1795354 with a few minor tweaks.
Although the mentioned 1.9.6 does not exist, yet,
I think the hook script solution is valid and useful
information to have in the FAQ. 1.9.6 will follow
soon, I hope.
Maybe, we should add a link to the advisory into
the FAQ.
-- Stefan^2.
