1 |
Rich Freeman: |
2 |
> On Sun, Sep 14, 2014 at 6:56 PM, hasufell <hasufell@g.o> wrote: |
3 |
>> According to Robin, it's not about rebasing, it's about signing all |
4 |
>> commits so that messing with the blob (even if it has the same sha-1) |
5 |
>> will cause signature verification failure. |
6 |
>> |
7 |
> |
8 |
> The only thing that gets signed is the commit message, and the only |
9 |
> thing that ties the commit message to the code is the sha1 of the |
10 |
> top-level tree. If you can attack sha1 either at any tree level or at |
11 |
> the blob level you can defeat the signature. |
12 |
> |
13 |
|
14 |
So can we get this clear now. |
15 |
|
16 |
Robin said |
17 |
> The Git commit-signing design explicitly signs the entire commit, including blob contents, to avoid this security problem. |
18 |
|
19 |
Is this correct or not? |