Re: [fossil-users] Fossil 2.1 beta. Was: Progress report of Fossil 2.x
Ah ? really ? 1/ I am one of the guys who talks about security here. I am not the first one.SHA1 was one of the discuss... 2/ I am one of the first guy who give many examples of good way to use a specific hash algorithm... (when you use command line) If honesty occur here, kudos should go to us not to DRH. Just to mention that the explanation given (SHA1) is known for a long time : there is an issue with SHA1. The Fossil Team, or whatever you may call it, did just what every software team should do : give appropriate explanations about the policy that should or may occur [around the SHA1 issue]. 3/ To let you understand my point :I was astonished that finally the Fossil 2.0 is not SHA3, but it sticks with SHA1.You should ask/demand an SHA3 if you want it to run with your Fossil 2.0. Say : command line such as fossil new sha3 ... [or something like that] In another word, Fossil 2.0 which is supposed to be considered as a MAJOR release, did not make the change ... People should see a new release such as 1.37.1 (with the new SHA1 algo) but this will NEVER happen. People should expect that the 2.0 is SHA3 with SHA1 as an option if needed... 4/ I suppose that the Fossil Team knows nothing about ergonomics, too ?(Poor of me) Best Regards K. De : Lonnie AbelbeckÀ : Fossil SCM user's discussion Envoyé le : Dimanche 5 mars 2017 23h31 Objet : Re: [fossil-users] Fossil 2.1 beta. Was: Progress report of Fossil 2.x On Mar 5, 2017, at 5:01 PM, Richard Hipp wrote: > The big change is that now Fossil will actually generate SHA3-256 > hashes for new artifacts, if you ask it to, or by default in new > repositories. See > https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki for > details. Kudos to Richard, the Fossil team and all that contributed ideas for this Fossil "Hash Policy". It appears every corner-case is covered. Lonnie ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Fossil 2.1 beta. Was: Progress report of Fossil 2.x
On Mar 5, 2017, at 5:01 PM, Richard Hippwrote: > The big change is that now Fossil will actually generate SHA3-256 > hashes for new artifacts, if you ask it to, or by default in new > repositories. See > https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki for > details. Kudos to Richard, the Fossil team and all that contributed ideas for this Fossil "Hash Policy". It appears every corner-case is covered. Lonnie ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Fossil Version 2.1 (prerelease)
DRH question is strange in fact ... Not everyone would go for a Fossil 2.0 just because their repo ARE SHA1. Not to mention that, some providers won't move immediately when a stable release will come. I've said it in the past : a command line with option such as --sha1 --sha256 and so on is necessary...Of course the Fossil Team did not get it ... [until people ask for it] Best Regards K. De : Lonnie AbelbeckÀ : Fossil SCM user's discussion Envoyé le : Dimanche 5 mars 2017 16h30 Objet : Re: [fossil-users] Fossil Version 2.1 (prerelease) On Mar 5, 2017, at 10:15 AM, Richard Hipp wrote: > On 3/5/17, Lonnie Abelbeck wrote: >> For what is planned for Fossil 2.1, will new repos created using 2.1 using: >> -- >> fossil init --sha1 repo.fossil >> -- >> be compatible with recent Fossil 1.x versions ? > > Yes. Thanks Richard, > But why would you want to do that? Fossil 2.0 is out and 2.1 will be out > soon. We use a fossil repo to track configuration files on an embedded system (Asterisk PBX, etc.). Compatibility between fossil versions far more important to us than any practical issue with SHA1. Users can upgrade and revert firmware, possibly containing any version of Fossil. BTW, I just committed Fossil 2.0 for our next release. We do appreciate the option to use SHA3 when we decide to. Thanks the world-class project, Fossil. Lonnie ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] Fossil 2.1 beta. Was: Progress report of Fossil 2.x
The code on trunk (https://www.fossil-scm.org/fossil/timeline?y=ci=trunk) beta for Fossil 2.1. Please try it out and report any changes or issues. The big change is that now Fossil will actually generate SHA3-256 hashes for new artifacts, if you ask it to, or by default in new repositories. See https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki for details. The latest 2.1 code is already running (of course) on all three of the Fossil self-hosting website, and on the SQLite website. I am building binaries of the beta now and will sync them to the https://www.fossil-scm.org/fossil/uv/download.html page soon. Please try out the new code and provide feedback. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] spam after posting to the list
On Sunday, 5 Mar 2017 7:59 AM -0500, Saša Janiška wrote: > Hello, > > my last post to the list has triggered 7 *different* spam messages to my > INBOX from the *same* author, so wonder if there is something which can > be done against it, iow. I wonder if the situation is same whether one > posts via Gmane (as I do) or directly to the mailing list? > > I experience the same thing in the past, but never got so many msgs at > once… I post using Gmane too, and I haven't experienced it, but I use a bogus e-mail address in my 'From:' header and a real address in my 'Reply to:' header. Try it and see if that solves your problem. -- Will ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] spam after posting to the list
On 3/5/17, Saša Janiškawrote: > Hello, > > my last post to the list has triggered 7 *different* spam messages to my > INBOX from the *same* author, so wonder if there is something which can > be done against it, iow. I wonder if the situation is same whether one > posts via Gmane (as I do) or directly to the mailing list? > > I experience the same thing in the past, but never got so many msgs at > once… I was getting that too. All the porno-spam I was getting from "Eboni" was coming from servers hosted by OVH at https://www.ovh.com/us/ to whom I have written multiple times. They are completely unwilling to do anything about the porno-spam originating from their servers. I got rid of the spam from Eboni by blocking the following IP addresses: 144.217.94.196 144.217.165.151 2607:5300:201:3000::/64 I'm sorry you are having to deal with this. If there was anything I could do about it, I would. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Fossil Version 2.1 (prerelease)
On Mar 5, 2017, at 10:15 AM, Richard Hippwrote: > On 3/5/17, Lonnie Abelbeck wrote: >> For what is planned for Fossil 2.1, will new repos created using 2.1 using: >> -- >> fossil init --sha1 repo.fossil >> -- >> be compatible with recent Fossil 1.x versions ? > > Yes. Thanks Richard, > But why would you want to do that? Fossil 2.0 is out and 2.1 will be out > soon. We use a fossil repo to track configuration files on an embedded system (Asterisk PBX, etc.). Compatibility between fossil versions far more important to us than any practical issue with SHA1. Users can upgrade and revert firmware, possibly containing any version of Fossil. BTW, I just committed Fossil 2.0 for our next release. We do appreciate the option to use SHA3 when we decide to. Thanks the world-class project, Fossil. Lonnie ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Fossil Version 2.1 (prerelease)
On 3/5/17, Lonnie Abelbeckwrote: > For what is planned for Fossil 2.1, will new repos created using 2.1 using: > -- > fossil init --sha1 repo.fossil > -- > be compatible with recent Fossil 1.x versions ? Yes. But why would you want to do that? Fossil 2.0 is out and 2.1 will be out soon. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] Fossil Version 2.1 (prerelease)
For what is planned for Fossil 2.1, will new repos created using 2.1 using: -- fossil init --sha1 repo.fossil -- be compatible with recent Fossil 1.x versions ? Ref: Add the --sha1 option to the "fossil new" command, to simplify the creation of new SHA1-only repositories. http://fossil-scm.org/index.html/vinfo/91f5ad9b94ef47d2?sbs=0 Lonnie ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] spam after posting to the list
Hello, my last post to the list has triggered 7 *different* spam messages to my INBOX from the *same* author, so wonder if there is something which can be done against it, iow. I wonder if the situation is same whether one posts via Gmane (as I do) or directly to the mailing list? I experience the same thing in the past, but never got so many msgs at once… Sincerely, Gour -- Whatever action a great man performs, common men follow. And whatever standards he sets by exemplary acts, all the world pursues. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] comment on 6429054f8ef073b6 commit
Hello, when checking Fossil’s timeline on the web I noticed the 6429054f8ef073b6 commit with the following content: “The first distributed version control system (as far as this author knows) was [http://www.monotone.ca|Monotone]. Many of the ideas behind the design of Fossil were copied from Monotone, including the use of a SHA1 hash to assign names to artifacts. Git and Mercurial did the same thing.” and the first thought was: “What about Darcs?” I did check with Wikipedia which says: * Darcs - initial release: March 3, 2003; and * Monotone - initial release: April 6, 2003 Of course, I do not claim Wikipedia as ultimate authority, but being Darcs user myself from its very beginning, I just wanted to share it here in order not to have wrong info in the repo. Sincerely, Gour -- Never was there a time when I did not exist, nor you, nor all these kings; nor in the future shall any of us cease to be. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users