Fossil SCM
Relaxed the "enforcing" language around the planned change of hash policy from "auto" to "sha3" in Fossil 2.10 within section 2.8 of the fossil-v-git.wiki doc, and clarified what will actually happen with that release as compared to the current release.
Commit
c5461fb599b20002a48e7ddf9228e6022ee47f9109f079bba26ccab4cb654e5c
Parent
0996347d4ab9d5d…
1 file changed
+7
-4
+7
-4
| --- www/fossil-v-git.wiki | ||
| +++ www/fossil-v-git.wiki | ||
| @@ -470,11 +470,11 @@ | ||
| 470 | 470 | get paid more by mastering arcane features of my DVCS?" Unless you have |
| 471 | 471 | a good answer to that, you probably do not want to be choosing a DVCS |
| 472 | 472 | based on how many arcane features it has. |
| 473 | 473 | |
| 474 | 474 | The argument is similar for other types of users: if you are a hobbyist, |
| 475 | -how much time do you want to spend mastering your DVCSs instead of on | |
| 475 | +how much time do you want to spend mastering your DVCS instead of on | |
| 476 | 476 | the hobby supported by use of that DVCS? |
| 477 | 477 | |
| 478 | 478 | There is some minimal set of features required to achieve the purposes |
| 479 | 479 | that drive our selection of a DVCS, but there is a level beyond which |
| 480 | 480 | more features only slow us down while we're learning the tool, since we |
| @@ -603,14 +603,17 @@ | ||
| 603 | 603 | [https://en.wikipedia.org/wiki/SHA-3|256-bit SHA-3] with |
| 604 | 604 | [./hashpolicy.wiki|full backwards compatibility] to old SHA-1 based |
| 605 | 605 | repositories. |
| 606 | 606 | |
| 607 | 607 | Here in mid-2019, that feature is now in every OS and package repository |
| 608 | -known to include Fossil so that the next release as of this writing | |
| 609 | -(Fossil 2.10) will default to enforcing SHA-3 hashes by default. This | |
| 608 | +known to include Fossil so that the next release | |
| 609 | +(Fossil 2.10) will begin using SHA-3 hashes even on repos currently | |
| 610 | +limited to SHA-1 for compatibility with Fossil 1.<i>x</i>, | |
| 611 | +effectively upgrading them to require Fossil 2.1 or newer. This | |
| 610 | 612 | not only solves the SHAttered problem, it should prevent a reoccurrence |
| 611 | -for the foreseeable future. Only repositories created before the | |
| 613 | +for the foreseeable future. With the current release (Fossil 2.9) only | |
| 614 | +repositories created before the | |
| 612 | 615 | transition to Fossil 2 are still using SHA-1, and then only if the |
| 613 | 616 | repository's maintainer chose not to switch them into SHA-3 mode some |
| 614 | 617 | time over the past 2 years. |
| 615 | 618 | |
| 616 | 619 | Meanwhile, the Git community took until August 2018 to announce |
| 617 | 620 |
| --- www/fossil-v-git.wiki | |
| +++ www/fossil-v-git.wiki | |
| @@ -470,11 +470,11 @@ | |
| 470 | get paid more by mastering arcane features of my DVCS?" Unless you have |
| 471 | a good answer to that, you probably do not want to be choosing a DVCS |
| 472 | based on how many arcane features it has. |
| 473 | |
| 474 | The argument is similar for other types of users: if you are a hobbyist, |
| 475 | how much time do you want to spend mastering your DVCSs instead of on |
| 476 | the hobby supported by use of that DVCS? |
| 477 | |
| 478 | There is some minimal set of features required to achieve the purposes |
| 479 | that drive our selection of a DVCS, but there is a level beyond which |
| 480 | more features only slow us down while we're learning the tool, since we |
| @@ -603,14 +603,17 @@ | |
| 603 | [https://en.wikipedia.org/wiki/SHA-3|256-bit SHA-3] with |
| 604 | [./hashpolicy.wiki|full backwards compatibility] to old SHA-1 based |
| 605 | repositories. |
| 606 | |
| 607 | Here in mid-2019, that feature is now in every OS and package repository |
| 608 | known to include Fossil so that the next release as of this writing |
| 609 | (Fossil 2.10) will default to enforcing SHA-3 hashes by default. This |
| 610 | not only solves the SHAttered problem, it should prevent a reoccurrence |
| 611 | for the foreseeable future. Only repositories created before the |
| 612 | transition to Fossil 2 are still using SHA-1, and then only if the |
| 613 | repository's maintainer chose not to switch them into SHA-3 mode some |
| 614 | time over the past 2 years. |
| 615 | |
| 616 | Meanwhile, the Git community took until August 2018 to announce |
| 617 |
| --- www/fossil-v-git.wiki | |
| +++ www/fossil-v-git.wiki | |
| @@ -470,11 +470,11 @@ | |
| 470 | get paid more by mastering arcane features of my DVCS?" Unless you have |
| 471 | a good answer to that, you probably do not want to be choosing a DVCS |
| 472 | based on how many arcane features it has. |
| 473 | |
| 474 | The argument is similar for other types of users: if you are a hobbyist, |
| 475 | how much time do you want to spend mastering your DVCS instead of on |
| 476 | the hobby supported by use of that DVCS? |
| 477 | |
| 478 | There is some minimal set of features required to achieve the purposes |
| 479 | that drive our selection of a DVCS, but there is a level beyond which |
| 480 | more features only slow us down while we're learning the tool, since we |
| @@ -603,14 +603,17 @@ | |
| 603 | [https://en.wikipedia.org/wiki/SHA-3|256-bit SHA-3] with |
| 604 | [./hashpolicy.wiki|full backwards compatibility] to old SHA-1 based |
| 605 | repositories. |
| 606 | |
| 607 | Here in mid-2019, that feature is now in every OS and package repository |
| 608 | known to include Fossil so that the next release |
| 609 | (Fossil 2.10) will begin using SHA-3 hashes even on repos currently |
| 610 | limited to SHA-1 for compatibility with Fossil 1.<i>x</i>, |
| 611 | effectively upgrading them to require Fossil 2.1 or newer. This |
| 612 | not only solves the SHAttered problem, it should prevent a reoccurrence |
| 613 | for the foreseeable future. With the current release (Fossil 2.9) only |
| 614 | repositories created before the |
| 615 | transition to Fossil 2 are still using SHA-1, and then only if the |
| 616 | repository's maintainer chose not to switch them into SHA-3 mode some |
| 617 | time over the past 2 years. |
| 618 | |
| 619 | Meanwhile, the Git community took until August 2018 to announce |
| 620 |