by twistedpair
1989 days ago
> further tie a specific malicious binary to a particular commit

Git uses SHA1 for hashes, right? Aren't there demonstrations that SHA1 hashing is cracked, so you could craft a replacement commit that hashed to the same value, in theory.

SHA1 hash collisions are hard, especially when the data you can inject needs to look like code to a human and compile correctly. But the concern is valid so it's good that git is improving in this way.