On 02/23/2017 07:31 PM, Warren Young wrote:
All of this is not to say that Git doesn’t have a problem. They do.
It’s just that the problem in question doesn’t affect the integrity of
git.centos.org, as far as I can see.
Thanks for the good answer, Warren.
Since last posting on this, I've been watching traffic on NANOG about
it, and then Linus weighed in on the issue at
https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL which, in a
nutshell, says: 1.) The sky isn't falling even though there is an actual
issue with this; 2.) There are a couple of patches mitigating the
primary modes of this attack; 3.)GIT will be upgrading to another hash,
and that upgrade won't break existing repos.
So even in Linus' words it's not a ridiculous conversation, but it's not
super urgent, either. Which is the kind of statement I was after, and
the type of information I was looking for.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
