Y
Hacker News
new
|
ask
|
show
|
jobs
by
nshepperd
3385 days ago
Uh, even a signed commit does still rely on the sha1 hash of the actual tree object and any parent commits. It won't stop something bad from happening if you fetch from a sha1 repo.