by fl7305 812 days ago
> Are they 100% sure history was not rewritten at any point?

With git, one way to check is if other people still have clones of the xz repository from a time when it was trusted.

If you suspect the repo history has been tampered with, you can check against those copies.

I believe it would be hard to introduce such a history rewrite, since people pulling from the xz repo would start getting git error messages when things don't match up?

I don't know to what degree intentional SHA-1 hash collisions could be used to work around that?

1 comment

You can create pairs of SHA-1 hash collisions, but not for a particular existing SHA-1 hash (the git one).
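
The check described in the top comment, comparing a repository against a clone taken while it was still trusted, as an added example that is not part of the original thread. `check_history` and its two path arguments are hypothetical names; it assumes both paths are local git repositories with branches under `refs/heads`.

```shell
#!/bin/sh
# Added example: confirm that every branch tip recorded in an old, trusted
# clone is still part of the history a repository publishes today.
# Usage: check_history <trusted-clone> <current-repo>
# Returns 0 if all old tips are still ancestors, 1 if any history diverged.
check_history() {
    ch_trusted=$1
    ch_current=$2
    ch_status=0
    # Branch tips as the trusted clone remembers them: "<commit-id> <refname>".
    ch_refs=$(git -C "$ch_trusted" for-each-ref \
        --format='%(objectname) %(refname)' refs/heads)
    while read -r ch_old ch_ref; do
        [ -n "$ch_old" ] || continue
        # The old tip must exist in the current repo under the same id ...
        if ! git -C "$ch_current" cat-file -e "${ch_old}^{commit}" 2>/dev/null; then
            echo "REWRITTEN $ch_ref: commit $ch_old is missing"
            ch_status=1
        # ... and the current branch must descend from it (fast-forward only).
        elif ! git -C "$ch_current" merge-base --is-ancestor \
                "$ch_old" "$ch_ref" 2>/dev/null; then
            echo "REWRITTEN $ch_ref: $ch_old is not reachable from the current tip"
            ch_status=1
        else
            echo "OK $ch_ref: $ch_old is still in history"
        fi
    done <<EOF
$ch_refs
EOF
    return $ch_status
}
```

A commit id covers the ids of its parents, so a change to any earlier commit produces new ids for every commit after it, and the old tip then no longer appears as an ancestor.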