Re: The move to git!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> wrote:
> No.  If the attacker MITMs the entire connection, they can lie about the
> values of the remote refs too, so there is no need to find a hash
> collision.

And how would you then be allowed to push? The git server would see that
your history doesn't match the history it has and will refuse the
commits. If they MITM your SSH push connection, I believe you have
bigger fish to fry.

--Ben

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux