boyska wrote:> On Sat, Nov 01, 2014 at 08:07:04AM +0000, Patrick Schleizer wrote: >> By chance I found https://github.com/boyska/git-verify repo. > > hey, that's me :P
That's why I explicitly added you to cc. :) >> At Whonix we're currently discussing various aspects of git security. >> Especially since git still uses SHA-1 and if git (submodule) >> verification is safe against adversaries, that can produce SHA-1 >> collisions. > > Seems a really good point, but... can't you just recursively run > git-verify? Not sure if required or a solution. As I understand - using git submodules or not - git verify also is only a gpg verification of a SHA-1 hash. _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
