On Thu, 25 Aug 2016, Arif Khokar wrote:
> On 08/24/2016 09:04 AM, Johannes Schindelin wrote:
> > On Mon, 22 Aug 2016, Philip Oakley wrote:
> >> I do note that dscho's patches now have the extra footer (below the
> >> three dashes) e.g.
> >> Published-As: https://github.com/dscho/git/releases/tag/cat-file-filters-v1
> >> Fetch-It-Via: git fetch https://github.com/dscho/git cat-file-filters-v1
> > I considered recommending this as some way to improve the review process.
> > The problem, of course, is that it is very easy to craft an email with an
> > innocuous patch and then push some malicious patch to the linked
> > repository.
> It should be possible to verify the SHA1 of the blob before and after
> the patch is applied given the values listed near the beginning of the
> git diff output.
There is no guarantee that the SHA-1 has not been tampered with.
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html