On Mon, Aug 28, 2006 at 10:56:01AM -0700, Linus Torvalds wrote:

> However, the "earlier will override" is very much what you want from a
> security standpoint: remember that the git model is that you should
> primarily trust only your _own_ repository. So if you do a "git pull", the

This concept breaks down somewhat if you are pulling from two repositories (one good and one evil). If I pull from the evil repo first, that will become my "earlier" object, and I will never get the colliding object from the good repo.

Executing such an attack might not be that hard, either (once we get over that little hump of creating collisions at will!). The owner of 'evil' has to know a SHA1 that will be in 'good' before it makes it to 'good'. However, I imagine we frequently see SHA1s migrate from more central repos (like .../torvalds/linux-2.6.git) to less central ones (subsystem / port maintainers, etc).

-Peff
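As an added illustration (not code from this thread or from git itself): a toy Python object store with the "earlier wins" rule, pulled first from an evil remote and then from the good one. The colliding object id and both objects are constructed placeholders, not a real SHA-1 collision; the `CheckingStore` variant shows the check a fetch could make to report a same-id, different-content object instead of silently dropping it.

```python
# Added example (not from the original e-mail or from git): a toy
# content-addressed object store with git-style "first object for an id
# wins" semantics, showing why pulling from 'evil' before 'good' means the
# good object is never stored, and one way a fetch could detect that.
from dataclasses import dataclass, field


@dataclass
class Obj:
    oid: str     # object id; in git this would be the SHA-1 of the content
    data: bytes


@dataclass
class NaiveStore:
    """Mimics 'earlier will override': an id already present is skipped."""
    objects: dict = field(default_factory=dict)

    def fetch(self, remote: list) -> list:
        for o in remote:
            self.objects.setdefault(o.oid, o.data)  # silently ignore duplicates
        return []  # never reports anything


class CheckingStore(NaiveStore):
    """Same rule, but a same-id object whose bytes differ is reported."""

    def fetch(self, remote: list) -> list:
        conflicts = []
        for o in remote:
            existing = self.objects.get(o.oid)
            if existing is None:
                self.objects[o.oid] = o.data
            elif existing != o.data:
                conflicts.append(o.oid)  # two contents, one id: a collision
        return conflicts


# Constructed scenario: a hypothetical 40-hex id shared by both objects.
COLLIDING_OID = "deadbeef" * 5
GOOD = [Obj(COLLIDING_OID, b"good commit")]
EVIL = [Obj(COLLIDING_OID, b"evil commit")]


def pull_in_order(store_cls, *remotes):
    """Fetch each remote in turn; return (bytes kept for the id, conflicts)."""
    store = store_cls()
    conflicts = []
    for remote in remotes:
        conflicts += store.fetch(remote)
    return store.objects[COLLIDING_OID], conflicts
```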