Y
Hacker News
new
|
ask
|
show
|
jobs
by
slimsag
1088 days ago
That won't help you very much. There's no guarantee the commit belongs to the named repository with e.g. raw links[0].
[0]
https://twitter.com/slimsag/status/1672421999698903043
2 comments
faangsticle
1088 days ago
Of course it will, since you'll either get the commit you wanted at the time you wrote the script, or an error.
link
bqmjjx0kac
1088 days ago
Unless someone is very good at finding SHA1 collisions.
link
NhanH
1088 days ago
The collisions need to deliver malicious payload as well, making it extra hard
link
manwe150
1088 days ago
Those are still very hard to get for a random hash, and GitHub I think warns (or blocks?) you if you try to push a hash with a known vulnerability.
link
glandium
1088 days ago
If you clone the repo, it won't be there.
link