-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 11/04/2015 05:18 PM, hasufell wrote: > On 11/04/2015 09:56 AM, Andrew Savchenko wrote: >> No, it is not. The whole git tree is insecure and no better than >> rsync or CVS in terms of data security because SHA1 is >> vulnerable. >> > > Another one who is confusing _any_ collision with _preimage attack_ > ;) >
Or even worse, 2nd preimage :) In all seriousness, though, it is indeed an important distinction. As for OpenPGP signed distribution of files in rsync as well, it is certainly something I look forwards to and Gentoo Keys project is working hard on. - -- Kristian Fiskerstrand Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJWOjIcAAoJECULev7WN52FivEH/RssmJdQLug2E4B0ZUMUBDum fp5E4PipD9WBFIfqwK36acp/QoJIAjsQrA6B8bfOoK+AVCryQGbMNlR2OAWZzZrG ISn3TTsXjfBeyP0ajiFT1qfTe9OvLNpweyB1GUBvq0vnvtDdmET1DO2d2Yxagmyz 41+QtEWw0s3yypinpgyWqkz5ddJxCAnIXPrOVwwdJJx1yRvAP3rnoM7vvoSCjJps SannPK1ks6ChXtXhEpIX0cHTgm9oXAnn+BhbEGWISuziOfOXmIrBLmPZG9ZYdwEM vttt3uRXc42VBG4zLgKq0Qc5TtD4IsWtGn+Hm4sNYV3atHPS78LW05h82HrE7Fo= =63hW -----END PGP SIGNATURE-----