Re: [fossil-users] Fossil 2.1 beta. Was: Progress report of Fossil 2.x

2017-03-05 Thread K. Fossil user 
Ah ? really ?
1/ I am one of the guys who talks about security here. I am not the first 
one.SHA1 was one of the discuss...
2/ I am one of the first guy who give many examples of good way to use a 
specific hash algorithm... (when you use command line)

If honesty occur here, kudos should go to us not to DRH.
Just to mention that the explanation given (SHA1) is known for a long time : 
there is an issue with SHA1.
The Fossil Team, or whatever you may call it, did just what every software team 
should do : give appropriate explanations about the policy that should or may 
occur [around the SHA1 issue].
3/ To let you understand my point :I was astonished that finally the Fossil 2.0 
is not SHA3, but it sticks with SHA1.You should ask/demand an SHA3 if you want 
it to run with your Fossil 2.0. Say : command line such as fossil new sha3 ... 
[or something like that]

In another word, Fossil 2.0 which is supposed to be considered as a MAJOR 
release, did not make the change ...
People should see a new release such as 1.37.1 (with the new SHA1 algo) but 
this will NEVER happen.
People should expect that the 2.0 is SHA3 with SHA1 as an option if needed...

4/ I suppose that the Fossil Team knows nothing about ergonomics, too ?(Poor of 
me)

 
Best Regards

K.

  De : Lonnie Abelbeck 
 À : Fossil SCM user's discussion  
 Envoyé le : Dimanche 5 mars 2017 23h31
 Objet : Re: [fossil-users] Fossil 2.1 beta. Was: Progress report of Fossil 2.x
   

On Mar 5, 2017, at 5:01 PM, Richard Hipp  wrote:
> The big change is that now Fossil will actually generate SHA3-256
> hashes for new artifacts, if you ask it to, or by default in new
> repositories.  See
> https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki for
> details.

Kudos to Richard, the Fossil team and all that contributed ideas for this 
Fossil "Hash Policy".  It appears every corner-case is covered.

Lonnie

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


   ___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Fossil 2.1 beta. Was: Progress report of Fossil 2.x

2017-03-05 Thread Lonnie Abelbeck 

On Mar 5, 2017, at 5:01 PM, Richard Hipp  wrote:
> The big change is that now Fossil will actually generate SHA3-256
> hashes for new artifacts, if you ask it to, or by default in new
> repositories.  See
> https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki for
> details.

Kudos to Richard, the Fossil team and all that contributed ideas for this 
Fossil "Hash Policy".  It appears every corner-case is covered.

Lonnie

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Fossil Version 2.1 (prerelease)

2017-03-05 Thread K. Fossil user 
DRH question is strange in fact ...
Not everyone would go for a Fossil 2.0 just because their repo ARE SHA1.
Not to mention that, some providers won't move immediately when a stable 
release will come.
I've said it in the past : a command line with option such as --sha1 --sha256 
and so on is necessary...Of course the Fossil Team did not get it ... [until 
people ask for it]

 
Best Regards

K.

  De : Lonnie Abelbeck 
 À : Fossil SCM user's discussion  
 Envoyé le : Dimanche 5 mars 2017 16h30
 Objet : Re: [fossil-users] Fossil Version 2.1 (prerelease)
   

On Mar 5, 2017, at 10:15 AM, Richard Hipp  wrote:

> On 3/5/17, Lonnie Abelbeck  wrote:
>> For what is planned for Fossil 2.1, will new repos created using 2.1 using:
>> --
>> fossil init --sha1 repo.fossil
>> --
>> be compatible with recent Fossil 1.x versions ?
> 
> Yes.

Thanks Richard,

> But why would you want to do that?  Fossil 2.0 is out and 2.1 will be out 
> soon.

We use a fossil repo to track configuration files on an embedded system 
(Asterisk PBX, etc.).

Compatibility between fossil versions far more important to us than any 
practical issue with SHA1.  Users can upgrade and revert firmware, possibly 
containing any version of Fossil.

BTW, I just committed Fossil 2.0 for our next release.  We do appreciate the 
option to use SHA3 when we decide to.

Thanks the world-class project, Fossil.

Lonnie

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


   ___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] Fossil 2.1 beta. Was: Progress report of Fossil 2.x

2017-03-05 Thread Richard Hipp 
The code on trunk
(https://www.fossil-scm.org/fossil/timeline?y=ci=trunk)  beta for
Fossil 2.1.  Please try it out and report any changes or issues.

The big change is that now Fossil will actually generate SHA3-256
hashes for new artifacts, if you ask it to, or by default in new
repositories.  See
https://www.fossil-scm.org/fossil/doc/trunk/www/hashpolicy.wiki for
details.

The latest 2.1 code is already running (of course) on all three of the
Fossil self-hosting website, and on the SQLite website.

I am building binaries of the beta now and will sync them to the
https://www.fossil-scm.org/fossil/uv/download.html page soon.  Please
try out the new code and provide feedback.
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] spam after posting to the list

2017-03-05 Thread Will Parsons 
On Sunday,  5 Mar 2017  7:59 AM -0500, Saša Janiška wrote:
> Hello,
>
> my last post to the list has triggered 7 *different* spam messages to my
> INBOX from the *same* author, so wonder if there is something which can
> be done against it, iow. I wonder if the situation is same whether one
> posts via Gmane (as I do) or directly to the mailing list?
>
> I experience the same thing in the past, but never got so many msgs at
> once…

I post using Gmane too, and I haven't experienced it, but I use a
bogus e-mail address in my 'From:' header and a real address in my
'Reply to:' header.  Try it and see if that solves your problem.

-- 
Will

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] spam after posting to the list

2017-03-05 Thread Richard Hipp 
On 3/5/17, Saša Janiška  wrote:
> Hello,
>
> my last post to the list has triggered 7 *different* spam messages to my
> INBOX from the *same* author, so wonder if there is something which can
> be done against it, iow. I wonder if the situation is same whether one
> posts via Gmane (as I do) or directly to the mailing list?
>
> I experience the same thing in the past, but never got so many msgs at
> once…

I was getting that too.

All the porno-spam I was getting from "Eboni" was coming from servers
hosted by OVH at https://www.ovh.com/us/ to whom I have written
multiple times.  They are completely unwilling to do anything about
the porno-spam originating from their servers.

I got rid of the spam from Eboni by blocking the following IP addresses:

  144.217.94.196
  144.217.165.151
  2607:5300:201:3000::/64

I'm sorry you are having to deal with this.  If there was anything I
could do about it, I would.
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Fossil Version 2.1 (prerelease)

2017-03-05 Thread Lonnie Abelbeck 

On Mar 5, 2017, at 10:15 AM, Richard Hipp  wrote:

> On 3/5/17, Lonnie Abelbeck  wrote:
>> For what is planned for Fossil 2.1, will new repos created using 2.1 using:
>> --
>> fossil init --sha1 repo.fossil
>> --
>> be compatible with recent Fossil 1.x versions ?
> 
> Yes.

Thanks Richard,

> But why would you want to do that?  Fossil 2.0 is out and 2.1 will be out 
> soon.

We use a fossil repo to track configuration files on an embedded system 
(Asterisk PBX, etc.).

Compatibility between fossil versions far more important to us than any 
practical issue with SHA1.  Users can upgrade and revert firmware, possibly 
containing any version of Fossil.

BTW, I just committed Fossil 2.0 for our next release.  We do appreciate the 
option to use SHA3 when we decide to.

Thanks the world-class project, Fossil.

Lonnie

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Fossil Version 2.1 (prerelease)

2017-03-05 Thread Richard Hipp 
On 3/5/17, Lonnie Abelbeck  wrote:
> For what is planned for Fossil 2.1, will new repos created using 2.1 using:
> --
> fossil init --sha1 repo.fossil
> --
> be compatible with recent Fossil 1.x versions ?

Yes.

But why would you want to do that?  Fossil 2.0 is out and 2.1 will be out soon.
-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] Fossil Version 2.1 (prerelease)

2017-03-05 Thread Lonnie Abelbeck 
For what is planned for Fossil 2.1, will new repos created using 2.1 using:
--
fossil init --sha1 repo.fossil
--
be compatible with recent Fossil 1.x versions ?

Ref: Add the --sha1 option to the "fossil new" command, to simplify the 
creation of new SHA1-only repositories.
http://fossil-scm.org/index.html/vinfo/91f5ad9b94ef47d2?sbs=0

Lonnie

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] spam after posting to the list

2017-03-05 Thread Saša Janiška 
Hello,

my last post to the list has triggered 7 *different* spam messages to my
INBOX from the *same* author, so wonder if there is something which can
be done against it, iow. I wonder if the situation is same whether one
posts via Gmane (as I do) or directly to the mailing list?

I experience the same thing in the past, but never got so many msgs at
once…


Sincerely,
Gour

-- 
Whatever action a great man performs, common men follow. And
whatever standards he sets by exemplary acts, all the world pursues.

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] comment on 6429054f8ef073b6 commit

2017-03-05 Thread Saša Janiška 
Hello,

when checking Fossil’s timeline on the web I noticed the
6429054f8ef073b6 commit with the following content:

“The first distributed version control system (as far as this author knows)
was [http://www.monotone.ca|Monotone].  Many of the ideas behind the design
of Fossil were copied from Monotone, including the use of a SHA1 hash to
assign names to artifacts.  Git and Mercurial did the same thing.” and
the first thought was: “What about Darcs?”

I did check with Wikipedia which says:

* Darcs - initial release: March 3, 2003; and

* Monotone - initial release: April 6, 2003

Of course, I do not claim Wikipedia as ultimate authority, but being
Darcs user myself from its very beginning, I just wanted to share it
here in order not to have wrong info in the repo.


Sincerely,
Gour

-- 
Never was there a time when I did not exist,
nor you, nor all these kings; nor in the future
shall any of us cease to be.

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users