Hacker News new | ask | show | jobs
by mschuster91 2064 days ago
Compare the sha commit hashes of the top commit against the hashes from the old "true" repo. If they match the repo (and the history) has not been changed. Subsequent commits can be manually audited.
1 comments
bArray 2063 days ago
> Compare the sha commit hashes of the top commit against

> the hashes from the old "true" repo.

Isn't it just SHA1? I think it's generally accepted it's not secure...

Also it would be quite easy to build a clone repo that looks the part with all the correct hashes, the git "database" structure is quite simple.

link