Shawn Pearce <spearce@xxxxxxxxxxx> writes: > Again, the repository owner would notice on their next push, and > notify people the repository is not to be trusted. For simple attack, yes. But if the server is compromised, you can't trust it anymore to error out on non-fast-forward. I don't think it would be very complex to write a modified Git server that would come back to the official history before a push, and re-introduce faulty commits right after. pushers wouldn't notice, and fetchers would get compromised history. OTOH, non-fast-forward fetches can be reliably detected client-side, and I like being able to think "whatever the server does, I don't care because I'm using Git". -- Matthieu Moy http://www-verimag.imag.fr/~moy/ -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html