On Feb 26, 2017, at 2:58 PM, Stephan Beal <sgb...@googlemail.com> wrote: > > just FYI, Linus' own words on the topic, posted yesterday: > > https://plus.google.com/u/0/+LinusTorvalds/posts/7tp2gYWQugL
Point #1 misses the fact that people *do* rely on Git hashes for security. Maybe they’re not “supposed” to, but they do. For example, the CentOS sources are published through Git these days, rather than as a pile of potentially-signed SRPM files. This means the only assurance you have that the content checked into Git hasn’t been tampered with is that the hashes are consistent. (I randomly inspected one of their repos, and it doesn’t use GPG signed commits, so the hashes are all you’ve got.) This is adequate security today, but once bad actors can do these SHA1 attacks inexpensively, it’ll be a problem if git.centos.org is still relying on SHA1 hashes. Point #2 is also questionable. Torvalds is assuming that any collision attack on a Git checkin will be detectable because of the random noise you have to insert into both instances to make them match. Except that you don’t have to do it with random noise. Thought experiment time: Given that it is now mature technology to be able to react to a useful subset of the spoken English language either over a crappy cell phone connection or via shouting at a microphone in a canister in the next room, complete with query chaining (e.g. Google Now, Amazon Echo, etc.) how much more difficult is it to write an “AI” that can automatically generate sane-looking but harmless C code in the middle of a pile of other C code to fuzz its data bits? I have no training in AI type stuff, but I think I could do a pretty decent job just by feeding a large subset of GitHub into a Markov chain model. Now imagine what someone with training, motivation, and resources could do. Or, don't imagine. Just go read the Microsoft Research paper on DeepCoder: https://news.ycombinator.com/item?id=13720580 I suspect there are parts of the Linux kernel sources that are indistinguishable from the output of a Markov chain model. :) *Someone* allowed those patches to be checked in. As for his point #3, he just offers it without support. He says there’s a plan. Well, we have a plan, too. Plans are easy. Execution is the hard part. _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users