[sword-devel] Subversion
DM Smith
dmsmith at crosswire.org
Sun Feb 26 11:24:19 MST 2017
We’ve fully mitigated it. We have a very small number of people who can commit changes. One of them would have to commit two documents that have the same SHA1. That SHA1 is used as the unique key of the document on the assumption that no two documents would ever have the same unique key. That would confuse the software.
Not going to happen.
In Him,
DM
> On Feb 26, 2017, at 11:32 AM, David Haslam <dfhmch at googlemail.com> wrote:
>
> How we might best mitigate this vulnerability is better discussed in a more
> private mailing list.
>
> btw. The SHA1 collision was described in episode 600 of the weekly Security
> Now! podcast that was broadcast on Tuesday last week. It can be seen on
> twit.tv
>
> Best regards,
>
> David
>
>
>
> --
> View this message in context: http://sword-dev.350566.n4.nabble.com/Subversion-tp4656825p4656827.html
> Sent from the SWORD Dev mailing list archive at Nabble.com.
>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://www.crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
More information about the sword-devel
mailing list