Fossil SCM
Tweaks to the hash policy document.
Commit
b0d3e9cc311bcca58ef35277d862322abd6c787b
Parent
6429054f8ef073b…
1 file changed
+5
-3
+5
-3
| --- www/hashpolicy.wiki | ||
| +++ www/hashpolicy.wiki | ||
| @@ -13,11 +13,11 @@ | ||
| 13 | 13 | going on, read on... |
| 14 | 14 | |
| 15 | 15 | |
| 16 | 16 | <h2> Introduction </h2> |
| 17 | 17 | |
| 18 | -The first distributed version control system (as far as this author knows) | |
| 18 | +The first snapshot-based distributed version control system | |
| 19 | 19 | was [http://www.monotone.ca|Monotone]. Many of the ideas behind the design |
| 20 | 20 | of Fossil were copied from Monotone, including the use of a SHA1 hash to |
| 21 | 21 | assign names to artifacts. Git and Mercurial did the same thing. |
| 22 | 22 | |
| 23 | 23 | The SHA1 hash algorithm is used only to create names for artifacts in Fossil |
| @@ -27,11 +27,11 @@ | ||
| 27 | 27 | "SHA1 is broken". They see that Fossil (and Git, Mercurial, and Monotone) |
| 28 | 28 | use SHA1 and they therefore conclude that "Fossil is broken". This is |
| 29 | 29 | not true, but it is a public relations problem. So the decision |
| 30 | 30 | was made to migrate Fossil away from SHA1. |
| 31 | 31 | |
| 32 | -This article describes how that is occurring. | |
| 32 | +This article describes how that migration is occurring. | |
| 33 | 33 | |
| 34 | 34 | <h2>Use Of Hardened SHA1</h2> |
| 35 | 35 | |
| 36 | 36 | In Fossil version 2.0 ([/timeline?c=version-2.0|2017-03-03]), |
| 37 | 37 | the internal SHA1 implementation was changed from a generic |
| @@ -79,10 +79,12 @@ | ||
| 79 | 79 | and write all the same repositories and sync with one another, as long |
| 80 | 80 | as none of the repositories contain artifacts named using SHA3. If |
| 81 | 81 | a repository does contain artifacts named using SHA3, Fossil 1.37 will |
| 82 | 82 | not know how to interpret those artifacts and will generate various warnings |
| 83 | 83 | and errors. |
| 84 | + | |
| 85 | +<h2>Picking Which Hash Algorithm To Use</h2> | |
| 84 | 86 | |
| 85 | 87 | If newer versions of Fossil are able to use either SHA1 or SHA3 to |
| 86 | 88 | name artifacts, which hash algorithm is actually used? That question |
| 87 | 89 | is answered by the "hash policy". These are the supported hash policies: |
| 88 | 90 | |
| @@ -114,11 +116,11 @@ | ||
| 114 | 116 | </tr> |
| 115 | 117 | <tr> |
| 116 | 118 | <td valign='top'>shun-sha1</td> |
| 117 | 119 | <td>Like "sha3-only" but at this level do not accept a push of SHA1-named |
| 118 | 120 | artifacts. If another Fossil instance tries to push a SHA1-named artifact, |
| 119 | -discard and ignore it. | |
| 121 | +that artifact is discarded and ignored. | |
| 120 | 122 | </tr> |
| 121 | 123 | </table> |
| 122 | 124 | |
| 123 | 125 | For Fossil 2.0, and obviously also for Fossil 1.37 and before, the |
| 124 | 126 | only hash policy supported was "sha1". All new artifacts were named |
| 125 | 127 |
| --- www/hashpolicy.wiki | |
| +++ www/hashpolicy.wiki | |
| @@ -13,11 +13,11 @@ | |
| 13 | going on, read on... |
| 14 | |
| 15 | |
| 16 | <h2> Introduction </h2> |
| 17 | |
| 18 | The first distributed version control system (as far as this author knows) |
| 19 | was [http://www.monotone.ca|Monotone]. Many of the ideas behind the design |
| 20 | of Fossil were copied from Monotone, including the use of a SHA1 hash to |
| 21 | assign names to artifacts. Git and Mercurial did the same thing. |
| 22 | |
| 23 | The SHA1 hash algorithm is used only to create names for artifacts in Fossil |
| @@ -27,11 +27,11 @@ | |
| 27 | "SHA1 is broken". They see that Fossil (and Git, Mercurial, and Monotone) |
| 28 | use SHA1 and they therefore conclude that "Fossil is broken". This is |
| 29 | not true, but it is a public relations problem. So the decision |
| 30 | was made to migrate Fossil away from SHA1. |
| 31 | |
| 32 | This article describes how that is occurring. |
| 33 | |
| 34 | <h2>Use Of Hardened SHA1</h2> |
| 35 | |
| 36 | In Fossil version 2.0 ([/timeline?c=version-2.0|2017-03-03]), |
| 37 | the internal SHA1 implementation was changed from a generic |
| @@ -79,10 +79,12 @@ | |
| 79 | and write all the same repositories and sync with one another, as long |
| 80 | as none of the repositories contain artifacts named using SHA3. If |
| 81 | a repository does contain artifacts named using SHA3, Fossil 1.37 will |
| 82 | not know how to interpret those artifacts and will generate various warnings |
| 83 | and errors. |
| 84 | |
| 85 | If newer versions of Fossil are able to use either SHA1 or SHA3 to |
| 86 | name artifacts, which hash algorithm is actually used? That question |
| 87 | is answered by the "hash policy". These are the supported hash policies: |
| 88 | |
| @@ -114,11 +116,11 @@ | |
| 114 | </tr> |
| 115 | <tr> |
| 116 | <td valign='top'>shun-sha1</td> |
| 117 | <td>Like "sha3-only" but at this level do not accept a push of SHA1-named |
| 118 | artifacts. If another Fossil instance tries to push a SHA1-named artifact, |
| 119 | discard and ignore it. |
| 120 | </tr> |
| 121 | </table> |
| 122 | |
| 123 | For Fossil 2.0, and obviously also for Fossil 1.37 and before, the |
| 124 | only hash policy supported was "sha1". All new artifacts were named |
| 125 |
| --- www/hashpolicy.wiki | |
| +++ www/hashpolicy.wiki | |
| @@ -13,11 +13,11 @@ | |
| 13 | going on, read on... |
| 14 | |
| 15 | |
| 16 | <h2> Introduction </h2> |
| 17 | |
| 18 | The first snapshot-based distributed version control system |
| 19 | was [http://www.monotone.ca|Monotone]. Many of the ideas behind the design |
| 20 | of Fossil were copied from Monotone, including the use of a SHA1 hash to |
| 21 | assign names to artifacts. Git and Mercurial did the same thing. |
| 22 | |
| 23 | The SHA1 hash algorithm is used only to create names for artifacts in Fossil |
| @@ -27,11 +27,11 @@ | |
| 27 | "SHA1 is broken". They see that Fossil (and Git, Mercurial, and Monotone) |
| 28 | use SHA1 and they therefore conclude that "Fossil is broken". This is |
| 29 | not true, but it is a public relations problem. So the decision |
| 30 | was made to migrate Fossil away from SHA1. |
| 31 | |
| 32 | This article describes how that migration is occurring. |
| 33 | |
| 34 | <h2>Use Of Hardened SHA1</h2> |
| 35 | |
| 36 | In Fossil version 2.0 ([/timeline?c=version-2.0|2017-03-03]), |
| 37 | the internal SHA1 implementation was changed from a generic |
| @@ -79,10 +79,12 @@ | |
| 79 | and write all the same repositories and sync with one another, as long |
| 80 | as none of the repositories contain artifacts named using SHA3. If |
| 81 | a repository does contain artifacts named using SHA3, Fossil 1.37 will |
| 82 | not know how to interpret those artifacts and will generate various warnings |
| 83 | and errors. |
| 84 | |
| 85 | <h2>Picking Which Hash Algorithm To Use</h2> |
| 86 | |
| 87 | If newer versions of Fossil are able to use either SHA1 or SHA3 to |
| 88 | name artifacts, which hash algorithm is actually used? That question |
| 89 | is answered by the "hash policy". These are the supported hash policies: |
| 90 | |
| @@ -114,11 +116,11 @@ | |
| 116 | </tr> |
| 117 | <tr> |
| 118 | <td valign='top'>shun-sha1</td> |
| 119 | <td>Like "sha3-only" but at this level do not accept a push of SHA1-named |
| 120 | artifacts. If another Fossil instance tries to push a SHA1-named artifact, |
| 121 | that artifact is discarded and ignored. |
| 122 | </tr> |
| 123 | </table> |
| 124 | |
| 125 | For Fossil 2.0, and obviously also for Fossil 1.37 and before, the |
| 126 | only hash policy supported was "sha1". All new artifacts were named |
| 127 |