Holger Hellmuth <hellmuth@xxxxxxxxxx> writes: > On 07.03.2012 22:27, Ævar Arnfjörð Bjarmason wrote: >> Does something other than git-fsck actually check whether the >> collection of blobs you're getting from the remote when you clone have >> sensible sha1's? >> >> What'll happen if he replaces that 550MB blob with a 0 byte blob but >> hacks the object store so that it pretends to have the same sha1? > > This is something I tested once because of security concerns > (i.e. what happens if a malicious intruder just drops something else > into the object store) and if I remember correctly only git-fsck was > able to spot the switch. But I didn't test cloning, only a few local > operations. Local operation that do not have to look at such a corrupt blob will not verify everything under the sun every time for obvious reasons. An operation to transfer objects out of the repository (e.g. serving as the source of "clone" from elsewhere) will notice when it has to send such a corrupt object and you will be prevented from spreading the damage. The same thing for a transfer in the reverse direction. When the other side tells us that it is giving us everything we asked, we still look at all the objects we received to make sure. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html