Nguyen Thai Ngoc Duy <pclouds@xxxxxxxxx> writes: > On Sat, Mar 3, 2012 at 1:59 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote: >> But now you brought it up, I think we may also need to worry about a >> corrupt pre-existing loose blob object. In general, we tend to always >> favor reading objects from packs over loose objects, but I do not know >> offhand what repacking would do when there are two places it can read the >> same object from (it should be allowed to pick whichever is easier to >> read). > > Corrupt accidentally or on purpose? Does not matter. The attack outlined does not require you to write a corrupt one into victim's repository. You only need to _know_ one that the victim happens to have. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html