The move to git!

Martin Langhoff martin.langhoff at gmail.com
Tue Aug 3 15:29:20 UTC 2010


On Tue, Aug 3, 2010 at 11:16 AM, Matt McCutchen <matt at mattmccutchen.net> wrote:
> don't want malware landing on my machine because someone did a MITM
> attack on a Fedora maintainer's unencrypted "git fetch" and inserted
> some extra patches to get pushed back to the real repository later.

The git protocol makes it extremely hard to inject malware
successfully. It would have to match sha1, _and_ match resulting
filesize _and_ be meaningful code, all without the benefits of
preimaging.

Even for crypto hashes that have been "broken" for a while, doing the
above is a huge challenge.

If you do consider this a real risk, here's someone who wants to
play with you, and build a bunker, 5 miles underground...
http://marc.info/?l=git&m=111375923219555&w=2

:-)


martin (formerly, a git hacker)
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
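
The check discussed in the message above, as an added example that is not part of the original post: git names each object by the SHA-1 of a header holding its type and size followed by its content, and trees and commits embed the ids of what they reference. The file name, identity line and commit message are constructed for illustration.

```python
import hashlib

def object_id(kind: str, body: bytes) -> str:
    """Git object id: SHA-1 over '<kind> <size>\\0' followed by the body."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def tree_body(entries) -> bytes:
    """Serialize (mode, name, hex_id) entries as git stores a tree.
    Plain name sort is enough here because the example has files only."""
    out = b""
    for mode, name, hex_id in sorted(entries, key=lambda e: e[1]):
        out += f"{mode} {name}\0".encode() + bytes.fromhex(hex_id)
    return out

def commit_body(tree_id: str, message: str) -> bytes:
    # Constructed identity and timestamp, not taken from any real repository.
    ident = "Example Dev <dev@example.invalid> 1280849360 +0000"
    text = f"tree {tree_id}\nauthor {ident}\ncommitter {ident}\n\n{message}\n"
    return text.encode()

def commit_for(file_bytes: bytes):
    """Return (blob, tree, commit) ids for a one-file repository."""
    blob = object_id("blob", file_bytes)
    tree = object_id("tree", tree_body([("100644", "hello.c", blob)]))
    commit = object_id("commit", commit_body(tree, "add hello.c"))
    return blob, tree, commit

def verify_fetched(expected_id: str, kind: str, body: bytes) -> bool:
    """Receiver-side check: recompute the id and compare with the one asked for."""
    return object_id(kind, body) == expected_id

if __name__ == "__main__":
    original = b'int main(void) { return 0; }\n'
    tampered = b'int main(void) { return 1; }\n'   # same size, one byte changed
    for label, data in (("original", original), ("tampered", tampered)):
        print(label, *commit_for(data))
    want = commit_for(original)[0]
    print("tampered blob accepted:", verify_fetched(want, "blob", tampered))
```

The comparison is only meaningful when the expected commit id comes from a source that is itself trusted, such as a signed tag or an authenticated channel.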

