On Sun, Sep 14, 2014 at 6:56 PM, hasufell <hasufell@g.o> wrote:
> According to Robin, it's not about rebasing, it's about signing all
> commits so that messing with the blob (even if it has the same sha-1)
> will cause signature verification failure.
>

The only thing that gets signed is the commit message, and the only
thing that ties the commit message to the code is the sha1 of the
top-level tree. If you can attack sha1 either at any tree level or at
the blob level you can defeat the signature.

That is way better than nothing though - I think it is worth pursuing
until somebody comes up with a way to upgrade git to more secure
hashes. Most projects don't gpg sign their trees at all, including
Linux.

--
Rich
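Added illustration, not part of the thread: a small Python reconstruction of git's object hashing (sha1 over `type size\0content`) that builds blob, tree and commit objects and reports what the commit payload, the bytes a signature covers, actually contains. It shows that the payload carries only the tree's sha1, never the file bytes, so the signature binds to content purely through the sha1 chain; a tampered blob changes the tree id and therefore the payload, which is what makes verification fail in the normal case. File names, contents and the author identity are constructed for the example.

```python
from __future__ import annotations

import hashlib


def git_hash_object(kind: str, data: bytes) -> tuple[str, bytes]:
    """Return (hex id, stored bytes) for a loose git object.

    git hashes "<type> <size>\\0<content>" with sha1; the same formula is used
    for blobs, trees and commits.
    """
    stored = f"{kind} {len(data)}\0".encode() + data
    return hashlib.sha1(stored).hexdigest(), stored


def build_tree(entries: dict[str, bytes]) -> tuple[str, bytes]:
    """Build a flat tree object from {filename: blob content}.

    Every entry is a regular file (mode 100644), sorted by name as git
    requires. The tree body stores each blob's 20-byte sha1, not its content.
    """
    body = b""
    for name in sorted(entries):
        blob_hex, _ = git_hash_object("blob", entries[name])
        body += b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_hex)
    tree_hex, _ = git_hash_object("tree", body)
    return tree_hex, body


def build_commit(
    tree_hex: str,
    message: str,
    ident: str = "A U Thor <author@example.invalid> 1410735360 -0400",  # constructed
) -> tuple[str, bytes]:
    """Build an unsigned commit object referencing one tree (no parents).

    When git signs a commit, the signature is computed over exactly this
    payload and stored back into the object as a "gpgsig" header; the tree
    appears only as its hex sha1.
    """
    payload = (
        f"tree {tree_hex}\n"
        f"author {ident}\n"
        f"committer {ident}\n"
        f"\n{message}\n"
    ).encode()
    commit_hex, _ = git_hash_object("commit", payload)
    return commit_hex, payload


def signing_surface(files: dict[str, bytes], message: str) -> dict:
    """Summarise what a signature over the commit would and would not cover."""
    tree_hex, _ = build_tree(files)
    commit_hex, payload = build_commit(tree_hex, message)
    return {
        "commit": commit_hex,
        "tree": tree_hex,
        "tree_in_payload": tree_hex.encode() in payload,
        "content_in_payload": any(data in payload for data in files.values()),
        "payload": payload,
    }


if __name__ == "__main__":
    # Constructed sample repository state and a tampered variant of it.
    original = signing_surface({"hello.txt": b"hello\n"}, "Add greeting")
    tampered = signing_surface({"hello.txt": b"hello, tampered\n"}, "Add greeting")
    print("signed payload mentions tree id:", original["tree_in_payload"])
    print("signed payload contains file bytes:", original["content_in_payload"])
    print("tampered blob changes signed payload:",
          original["payload"] != tampered["payload"])
```

The two boolean lines are the point: the signed bytes name the tree id but never the file bytes, so the guarantee is exactly as strong as sha1's collision resistance at every level below the commit.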