Could you file an issue for this in https://code.google.com/p/support and ping this thread with it? That seems like a reasonable feature to me, but having it in the issue tracker will help us get an idea of how valuable it might be to add.
On Mon, Jan 16, 2012 at 2:45 AM, Thomas Koch <[email protected]> wrote: > Hi, > > related to the question on MD5, I'd propose to remove the SHA-1 altogether. In > my understanding it provides absolutely no security but gives the user a false > sense of security. > If an attacker is able to falsify the download, why shouldn't he be able to > also falsify the checksum? Or am I missing something? > > The only proper countermeasure is a GPG signature with a trust path from my > key to the signers key. > > Related to this, it would be a very good thing, if the user interface for Git > tags would somehow distinguish between signed and unsigned tags and encourages > developers to use signed tags for release points. > > Best regards, > > Thomas Koch, http://www.koch.ro > > -- > You received this message because you are subscribed to the Google Groups > "Project Hosting on Google Code" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-code-hosting?hl=en. > -- You received this message because you are subscribed to the Google Groups "Project Hosting on Google Code" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-code-hosting?hl=en.
