Home About Eric Topics SourceGear

2004-08-31 18:19:56

False Alarm: Vault is okay on SP1

#ifdef Boy_do_I_feel_sheepish

This morning we said that the recently released .NET Framework SP1 breaks compatibility with Vault.  It now appears that this was a false alarm.  Our testing indicates that Vault is okay on SP1.  Details below.


We got a little bit too cautious.

Vault uses String.GetHashCode() and stores the results in the repository.  Yes, we now know that this is a Bad Idea, but we didn't know that back when Vault was first created.

It turns out that in current releases of Vault (2.0.5 and prior), if the implementation of String.GetHashCode() changes, very bad things happen.  The repository gets damaged.

We've known for several months that String.GetHashCode() is going to change in .NET Framework 2.0.  We have a plan in place to deal with this situation without causing pain to our customers.

Several weeks ago, somebody told us that the changed version of String.GetHashCode() was actually going to be included in a service pack to the .NET Framework 1.1.  We regarded this as a rumor, but a scary one.

Last night, we heard a report from one of our customers.  They had installed SP1 and Vault was no longer working properly for them.

So we panicked.  We thought we were facing a nightmare situation.  All our customers were going to install SP1 and every Vault repository on earth was going to be fouled up.

As it turns out, String.GetHashCode() did not change in SP1.  The customer problem was unrelated.  The rumor was not true.

I am very sorry for any inconvenience we caused with this false alarm. 

But at the same time, I am not sorry.  Repository integrity is of paramount importance.  We had a credible reason to believe our customers' data was in danger, so we screamed a warning.  It all turned out to be a misunderstanding, but we don't feel guilty about being ultra-cautious when it comes to the safety and integrity of data stored in our product.

We still plan to go ahead and release Vault 2.0.6 very shortly.  This version and all subsequent versions will no longer be vulnerable to changes in String.GetHashCode().

Bottom line:  We got some bad information from our intelligence operatives.  This particular crisis has passed, so we are lowering the Terror Alert Level back to "yellow".