On Monday, August 22, 2011 15:28:57 Robin H. Johnson wrote:
> Unresolved items:
> - commit signing
> - thin Manifests

how exactly are these two supposed to interact ?  the previous discussion 
seemed to miss signing.  if devs sign the thin manifests, when we go to 
produce the full manifest for rsync, we invalidate the signature.

also, a previous assertion was made which i think is incorrect:
	Due to the distributed nature of git, to do mischief, you need to
	change every clone in the world to be successful
each new sha1 comes from the previous state + new data.  so injecting code 
into the tip and finding a collision is not impossible and does not require 
modification of anything before it.  it would only be detected automatically 
by people who have the original commit, make new commits on top of that, and 
then attempt to push back again to the modified tree.  i.e. the attack is made 
against the source Gentoo repo sitting on our machines.

the other attack we want to prevent is MITM when people sync.  in this case, 
someone who syncs over git:// is perpetually vulnerable with thin manifests as 
the attacker can keep recomputing the collisions so that the modified tree 
keeps ending up with the same digests as the public one.  and the end user 
never notices without manually reviewing everything themselves.

further, it was stated:
	This has nothing to do with strength of the hash used by git
well, it sort of does.  sha1 has been shown to be weaker than brute forcing, 
and while right now it might not be computationally feasible to inject useful 
code in realtime, that is not something we should be betting on.  attacks only 
get better over time ... even in 2004 security conscious people started 
talking about migrating away from it.  and now in 2012, we want to talk about 
migrating purely to it ?
-mike