> Github is trusted because of in git (i.e. block-chain) it's impossible to
> have different content under the same hash-tag.
That's not actually true. Git uses SHA1 and collisions have been done to Git
with it. That also said, GitHub archives may or may not be reproducible. And
Git refs are not guaranteed to be stable either, as people can rewrite or
modify them without any notice. The checksums make it so such changes are
detected.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/463#issuecomment-886684247
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
