W dniu 24.02.2017 o 23:53, Santiago Torres pisze: > On Fri, Feb 24, 2017 at 11:47:46PM +0100, Jakub Narębski wrote: >> >> I have just read on ArsTechnica[1] that while Git repository could be >> corrupted (though this would require attackers to spend great amount >> of resources creating their own collision, while as said elsewhere >> in this thread allegedly easy to detect), putting two proof-of-concept >> different PDFs with same size and SHA-1 actually *breaks* Subversion. >> Repository can become corrupt, and stop accepting new commits. > > From what I understood in the thread[1], it was the combination of svn + > git-svn together. I think Arstechnica may be a little bit > sensationalistic here. > [1] https://bugs.webkit.org/show_bug.cgi?id=168774#c27 Thanks for the link. It looks like the problem was with svn itself (couldn't checkout, couldn't sync), but repository is recovered now, though not protected against the problem occurring again. Well, anyone with Subversion installed (so not me) can check it for himself/herself... though better do this with separate svnroot. Note that the breakage was an accident, trying to add test case for SHA-1 collision in WebKit cache. Best regards, -- Jakub Narębski