| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
On 11/04/2015 05:18 PM, hasufell wrote: |
| 5 |
> On 11/04/2015 09:56 AM, Andrew Savchenko wrote: |
| 6 |
>> No, it is not. The whole git tree is insecure and no better than |
| 7 |
>> rsync or CVS in terms of data security because SHA1 is |
| 8 |
>> vulnerable. |
| 9 |
>> |
| 10 |
> |
| 11 |
> Another one who is confusing _any_ collision with _preimage attack_ |
| 12 |
> ;) |
| 13 |
> |
| 14 |
|
| 15 |
Or even worse, 2nd preimage :) In all seriousness, though, it is |
| 16 |
indeed an important distinction. As for OpenPGP signed distribution of |
| 17 |
files in rsync as well, it is certainly something I look forwards to |
| 18 |
and Gentoo Keys project is working hard on. |
| 19 |
|
| 20 |
- -- |
| 21 |
Kristian Fiskerstrand |
| 22 |
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net |
| 23 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
| 24 |
-----BEGIN PGP SIGNATURE----- |
| 25 |
|
| 26 |
iQEcBAEBCgAGBQJWOjIcAAoJECULev7WN52FivEH/RssmJdQLug2E4B0ZUMUBDum |
| 27 |
fp5E4PipD9WBFIfqwK36acp/QoJIAjsQrA6B8bfOoK+AVCryQGbMNlR2OAWZzZrG |
| 28 |
ISn3TTsXjfBeyP0ajiFT1qfTe9OvLNpweyB1GUBvq0vnvtDdmET1DO2d2Yxagmyz |
| 29 |
41+QtEWw0s3yypinpgyWqkz5ddJxCAnIXPrOVwwdJJx1yRvAP3rnoM7vvoSCjJps |
| 30 |
SannPK1ks6ChXtXhEpIX0cHTgm9oXAnn+BhbEGWISuziOfOXmIrBLmPZG9ZYdwEM |
| 31 |
vttt3uRXc42VBG4zLgKq0Qc5TtD4IsWtGn+Hm4sNYV3atHPS78LW05h82HrE7Fo= |
| 32 |
=63hW |
| 33 |
-----END PGP SIGNATURE----- |
Archives