We’ve fully mitigated it. We have a very small number of people who can commit changes. One of them would have to commit two documents that have the same SHA1. That SHA1 is used as the unique key of the document on the assumption that no two documents would ever have the same unique key. That would confuse the software.
Not going to happen.

In Him,
DM

> On Feb 26, 2017, at 11:32 AM, David Haslam <dfh...@googlemail.com> wrote:
>
> How we might best mitigate this vulnerability is better discussed in a more
> private mailing list.
>
> btw. The SHA1 collision was described in episode 600 of the weekly Security
> Now! podcast that was broadcast on Tuesday last week. It can be seen on
> twit.tv
>
> Best regards,
>
> David
>
> --
> View this message in context:
> http://sword-dev.350566.n4.nabble.com/Subversion-tp4656825p4656827.html
> Sent from the SWORD Dev mailing list archive at Nabble.com.
>
> _______________________________________________
> sword-devel mailing list: sword-devel@crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
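
The failure mode described in the first message (a SHA1 used as a document's unique key), shown as an added example that is not part of this thread and is not Subversion's code. The class names and `weak_key` are hypothetical; `weak_key` truncates SHA-1 to 8 bits so that two constructed documents share a key, standing in for a real collision.

```python
import hashlib

class CollisionError(Exception):
    """Two different documents produced the same key."""

def sha1_key(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def weak_key(data: bytes) -> str:
    # Constructed stand-in for a collision: keep only 8 bits of the SHA-1.
    return hashlib.sha1(data).hexdigest()[:2]

class NaiveStore:
    """Assumes no two documents ever share a key."""
    def __init__(self, key_fn=sha1_key):
        self.key_fn = key_fn
        self.blobs = {}

    def put(self, data: bytes) -> str:
        key = self.key_fn(data)
        # A second document with the same key is taken for a duplicate
        # and silently dropped; the first one is what readers get back.
        self.blobs.setdefault(key, data)
        return key

    def get(self, key: str) -> bytes:
        return self.blobs[key]

class CheckedStore(NaiveStore):
    """Same key scheme, but compares content before trusting a key match."""
    def put(self, data: bytes) -> str:
        key = self.key_fn(data)
        existing = self.blobs.get(key)
        if existing is not None and existing != data:
            raise CollisionError(f"key {key} already maps to different content")
        self.blobs[key] = data
        return key

def find_colliding_pair(key_fn):
    """Return two different constructed documents that share a key."""
    seen = {}
    for i in range(100_000):
        doc = b"document-%d" % i
        key = key_fn(doc)
        if key in seen:
            return seen[key], doc
        seen[key] = doc
    raise RuntimeError("no collision found in the search range")
```

With the full `sha1_key` the search in `find_colliding_pair` does not succeed; the byte comparison in `CheckedStore.put` is what turns a key match between different documents into an explicit error instead of silent loss.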