On 22/10/15 21:02, Stephan Beal wrote:
>> So it's quite possible to have fossil with crypto grade hashes for
>> artifacts
>
> But what does that solve?
>
> So far, nobody has been able to _demonstrate_ a maliciously faked artifact.
> Until someone can, i'm not at all convinced that this is a real problem.

I didn't really follow the previous thread very closely, but is the argument that sha1 is secure enough in the specific context of fossil because it's very difficult to generate colliding artifacts (because randomly adding data to them will be interpreted as broken artifacts which will be rejected)?
