Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-16 Thread Stefan Fuhrmann
On 16.05.2017 15:10, Jacek Materna wrote: On Sun, May 14, 2017 at 1:59 PM, Stefan Fuhrmann wrote: On 09.05.2017 20:43, Stefan Sperling wrote: On Mon, May 08, 2017 at 10:46:39AM +0200, Jacek Materna wrote: Team, I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it pertain

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-16 Thread Jacek Materna
On Sun, May 14, 2017 at 1:59 PM, Stefan Fuhrmann wrote: > On 09.05.2017 20:43, Stefan Sperling wrote: >> >> On Mon, May 08, 2017 at 10:46:39AM +0200, Jacek Materna wrote: >>> >>> Team, >>> >>> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it >>> pertains to the SHA-1 issue

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-14 Thread Stefan Fuhrmann
On 09.05.2017 20:43, Stefan Sperling wrote: On Mon, May 08, 2017 at 10:46:39AM +0200, Jacek Materna wrote: Team, I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the 1.10 alphas?" thread. I have ad

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-13 Thread Daniel Shahaf
[devs: see penultimate paragraph (grep for "Thoughts")] Jacek Materna wrote on Thu, May 11, 2017 at 14:56:03 +0200: > For review. Thanks for the patch. I'll review the form first, then the content. Form: 1) Please use unified diff format, as generated by 'svn diff' or 'diff -u'. What you poste

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-11 Thread Jacek Materna
For review. best. -j On Wed, May 10, 2017 at 10:52 AM, Jacek Materna wrote: > Correct. #2 is moot given the rejection strategy moving forward. > > On Tue, May 9, 2017 at 6:12 PM, Daniel Shahaf > wrote: >> >> Jacek Materna wrote on Tue, May 09, 2017 at 14:39:51 +0200: >> > On Tue, May 9, 2017 at

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-10 Thread Jacek Materna
Correct. #2 is moot given the rejection strategy moving forward. On Tue, May 9, 2017 at 6:12 PM, Daniel Shahaf wrote: > Jacek Materna wrote on Tue, May 09, 2017 at 14:39:51 +0200: > > On Tue, May 9, 2017 at 2:12 PM, Daniel Shahaf > wrote: > > > Jacek Materna wrote on Mon, May 08, 2017 at 10:46:

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-10 Thread Jacek Materna
Looks great Stefan - will review and work on the FAQ patch this week. On Tue, May 9, 2017 at 8:43 PM, Stefan Sperling wrote: > On Mon, May 08, 2017 at 10:46:39AM +0200, Jacek Materna wrote: > > Team, > > > > I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it > > pertains t

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-09 Thread Stefan Sperling
On Mon, May 08, 2017 at 10:46:39AM +0200, Jacek Materna wrote: > Team, > > I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it > pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the > 1.10 alphas?" thread. I have added a small advisory-style writeup we

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-09 Thread Daniel Shahaf
Jacek Materna wrote on Tue, May 09, 2017 at 14:39:51 +0200: > On Tue, May 9, 2017 at 2:12 PM, Daniel Shahaf wrote: > > Jacek Materna wrote on Mon, May 08, 2017 at 10:46:39 +0200: > >> Team, > >> > >> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it > >> pertains to the SHA

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-09 Thread Jacek Materna
Hi, On Tue, May 9, 2017 at 2:12 PM, Daniel Shahaf wrote: > Jacek Materna wrote on Mon, May 08, 2017 at 10:46:39 +0200: >> Team, >> >> I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it >> pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the >> 1.10 al

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-09 Thread Daniel Shahaf
Jacek Materna wrote on Mon, May 08, 2017 at 10:46:39 +0200: > Team, > > I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it > pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the > 1.10 alphas?" thread. > > 1) We should bias towards pro-active mitigati

Re: [PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-08 Thread Andreas Stieger
Hi, On 08/05/17 10:46, Jacek Materna wrote: > > Install a pre-commit hook that will reject new instances against known > collisions. While this will not guarantee protection from new > collisions, we will keep the hook up-to date as new collisions are > publicly released. > > > The hook can be fou

[PATCH] 1.10 Release notes and FAQ around SHA-1

2017-05-08 Thread Jacek Materna
Team, I wanted to start a discussion around the FAQ (and 1.10 rls. notes) as it pertains to the SHA-1 issue affecting all versions of SVN RE: "Continue the 1.10 alphas?" thread. 1) We should bias towards pro-active mitigation of this issue in docs/code as we know a real solution will likely NOT c