Y
Hacker News
new
|
ask
|
show
|
jobs
by
bhhaskin
3385 days ago
The sha1 hash isn't used for security. You should be signing your commits if security is a concern.
1 comments
nshepperd
3385 days ago
Uh, even a signed commit does still rely on the sha1 hash of the actual tree object and any parent commits. It won't stop something bad from happening if you fetch from a sha1 repo.
link