We’ve fully mitigated it. We have a very small number of people who can commit
changes. One of them would have to commit two documents that have the same
SHA1. That SHA1 is used as the unique key of the document on the assumption
that no two documents would ever have the same unique key. That
How we might best mitigate this vulnerability is better discussed in a more
private mailing list.
btw. The SHA1 collision was described in episode 600 of the weekly Security
Now! podcast that was broadcast on Tuesday last week. It can be seen on
twit.tv
Best regards,
David
--
View this
Wow.
Gesendet: Samstag, 25. Februar 2017 um 21:32 Uhr
Von: "Greg Hellings" <greg.helli...@gmail.com>
An: "SWORD Developers' Collaboration Forum" <sword-devel@crosswire.org>
Betreff: [sword-devel] Subversion
Just something we should be aware of, since we ar
Just something we should be aware of, since we are relying on svn in our
services.
https://arstechnica.com/security/2017/02/watershed-sha1-collision-just-broke-the-webkit-repository-others-may-follow/
--Greg
___
sword-devel mailing list:
I've Yahoo'ed a little and found this in the SVN forum which is exactly the
problem I'm facing.
http://www.svnforum.org/2017/viewtopic.php?t=8466
It is basically removing the +TSLv1 from the SSLProrocol config in the
virtual host where svn is running on.
#SSLProtocol -ALL +SSLv3 +TLSv1
Manfred,
I've looked around /etc/httpd/conf.d/ and couldn't find +TLSv1
anywhere. You should have permission to look around there. Let me know
if you find a place I should change things.
I've had a few strange errors since we've had our server relocated to a
new physical location recently.
I
Troy,
This is the command line:
mbergm...@lincrafter:~/_sources/crosswire/sword-trunk/bindings svn commit objc
-m Added Objective-C bindings including a Xcode project. --username **
Anmeldebereich: https://crosswire.org:443 CrossWire SVN
Passwort für »«:
Hinzufügen objc
Manfred,
Try doing an svn relocate from https to http. It will put passwords at risk of
capture. So it is a short term fix But it will take tls out of the picture.
In Him,
DM
Sent from my phone
On Jul 20, 2010, at 5:18 AM, Manfred Bergmann manfred.bergm...@me.com wrote:
Troy,
This is the
Yep, thanks. That worked for the initial import. For just a few files I might
be able to switch back to https.
Manfred
Am 20.07.2010 um 12:24 schrieb DM Smith:
Manfred,
Try doing an svn relocate from https to http. It will put passwords at risk
of capture. So it is a short term fix But
Hi.
I'm trying to push ObjC bindings. I tried committing now at least 10 times but
every time I get a timeout somewhere.
I remember I had similar experiences when I tried to pull whole JSword a while
ago where a couple of attempts were necessary to get all sources.
Is this a problem with
Manfred,
On Sun, Jul 18, 2010 at 9:06 AM, Manfred Bergmann
manfred.bergm...@me.com wrote:
Hi.
I'm trying to push ObjC bindings. I tried committing now at least 10 times
but every time I get a timeout somewhere.
I remember I had similar experiences when I tried to pull whole JSword a
while
Am 18.07.2010 um 17:15 schrieb Greg Hellings:
Manfred,
On Sun, Jul 18, 2010 at 9:06 AM, Manfred Bergmann
manfred.bergm...@me.com wrote:
Hi.
I'm trying to push ObjC bindings. I tried committing now at least 10 times
but every time I get a timeout somewhere.
I remember I had similar
12 matches
Mail list logo