You don't need a hash collision to change data in a git pull connection. The only thing you need to do is to send your own hash when the client asks for the current HEAD sha of master. It will be detected next time you update, if the attacker is not still there and remember the lies he told you, because git will warn that the history changed.
- Re: [julia-users] git SSL problems with METADATA.jl Isaiah Norton
- Re: [julia-users] git SSL problems with METADATA.jl Florian Oswald
- Re: [julia-users] git SSL problems with METADATA.jl Florian Oswald
- Re: [julia-users] git SSL problems with METADATA.jl gael . mcdon
- Re: [julia-users] git SSL problems with METADATA.jl Florian Oswald
- Re: [julia-users] git SSL problems with METADATA.jl Ivar Nesje
- Re: [julia-users] git SSL problems with METADATA.jl Florian Oswald
- Re: [julia-users] git SSL problems with METADATA.jl Stefan Karpinski
- Re: [julia-users] git SSL problems with METADATA.jl gael . mcdon
- Re: [julia-users] git SSL problems with METADATA.jl Stefan Karpinski
- Re: [julia-users] git SSL problems with METADATA.jl Ivar Nesje
