1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA512 |
3 |
|
4 |
On 11/04/2015 05:18 PM, hasufell wrote: |
5 |
> On 11/04/2015 09:56 AM, Andrew Savchenko wrote: |
6 |
>> No, it is not. The whole git tree is insecure and no better than |
7 |
>> rsync or CVS in terms of data security because SHA1 is |
8 |
>> vulnerable. |
9 |
>> |
10 |
> |
11 |
> Another one who is confusing _any_ collision with _preimage attack_ |
12 |
> ;) |
13 |
> |
14 |
|
15 |
Or even worse, 2nd preimage :) In all seriousness, though, it is |
16 |
indeed an important distinction. As for OpenPGP signed distribution of |
17 |
files in rsync as well, it is certainly something I look forwards to |
18 |
and Gentoo Keys project is working hard on. |
19 |
|
20 |
- -- |
21 |
Kristian Fiskerstrand |
22 |
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net |
23 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
24 |
-----BEGIN PGP SIGNATURE----- |
25 |
|
26 |
iQEcBAEBCgAGBQJWOjIcAAoJECULev7WN52FivEH/RssmJdQLug2E4B0ZUMUBDum |
27 |
fp5E4PipD9WBFIfqwK36acp/QoJIAjsQrA6B8bfOoK+AVCryQGbMNlR2OAWZzZrG |
28 |
ISn3TTsXjfBeyP0ajiFT1qfTe9OvLNpweyB1GUBvq0vnvtDdmET1DO2d2Yxagmyz |
29 |
41+QtEWw0s3yypinpgyWqkz5ddJxCAnIXPrOVwwdJJx1yRvAP3rnoM7vvoSCjJps |
30 |
SannPK1ks6ChXtXhEpIX0cHTgm9oXAnn+BhbEGWISuziOfOXmIrBLmPZG9ZYdwEM |
31 |
vttt3uRXc42VBG4zLgKq0Qc5TtD4IsWtGn+Hm4sNYV3atHPS78LW05h82HrE7Fo= |
32 |
=63hW |
33 |
-----END PGP SIGNATURE----- |