On Mon, Aug 28, 2006 at 11:46:39AM -0700, Linus Torvalds wrote: > Sure. But if you are pulling from an untrusted source, you'd better at > least check the result. I completely agree; however, even discussing "earlier takes precedence" entails that you are somehow pulling from an untrusted source. I just wanted to point out that "earlier" does not always mean "more trusted than the thing you're pulling now" (since it might have just been pulled earlier, not created or verified by you). > Anybody who just blindly accepts data from untrusted sources is screwed in > so many other ways that the hash attack simply isn't even on the radar. Agreed. -Peff - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html