|
|
|
|
|
|
by hannob
2586 days ago
|
|
|
> Git isn't really designed for cryptographic security, is it? Well, the git documentation says it is:
https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work It is certainly not helpful that Linus at the same time says conflicting things publicly. It would be nice to have some clearly documented expected security properties of the git structure. This confusion is all a bit unfortunate. While the attack scenarios are obscure, with a secure hash function Git would have some really nice properties to use it in other areas, it would effectively be a secure append-only log. (Some people call this something with the B word which I'll avoid, but that's effectively what it is.) |
|
|