On 4/21/07, Marco Costalba <mcostalba@xxxxxxxxx> wrote:
> I would say this probability is very very low in random case (not a malicious attack of course, but I think this is not the case with git repository as it was with SHA1 designers).

The SHA is also a security signature against tampering. All commits have an SHA. These SHAs are repeated into a check-in entry, which then gets an SHA. Releases are identified by publishing an SHA. You take the release SHA and use it to find/verify the commit record. Opening the commit record gives you the SHA of all of the pieces of the commit. (I simplified this by ignoring trees.) This stops someone from altering a file in a git repo as a way of inserting malicious code. If you alter a file, all of the SHAs that depend on it will change. It is very, very difficult to figure out how to patch a file and not change the SHA for it. This is a real problem and people have tried to secretly insert code into the Linux kernel in the past.

--
Jon Smirl
jonsmirl@xxxxxxxxx
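
The chain described in the message above, recomputed by hand as an added example that is not part of the original post. It includes the tree level the message skipped, handles flat trees only, and the identity, file contents and function names are constructed for illustration.

```python
import hashlib

# Constructed identity and timestamp; real commits carry the committer's own.
IDENT = "Example Dev <dev@example.invalid> 1177113600 +0000"

def object_id(kind: str, body: bytes) -> str:
    """Git object name: SHA-1 over b"<kind> <length>\\0" followed by the body."""
    header = f"{kind} {len(body)}".encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files: dict) -> str:
    """Flat tree, no subdirectories: each entry embeds the file's raw blob id."""
    body = b"".join(
        b"100644 " + name + b"\0" + bytes.fromhex(object_id("blob", data))
        for name, data in sorted(files.items())
    )
    return object_id("tree", body)

def commit_id(files: dict, parent, message: str) -> str:
    """The commit record names its tree and its parent commit by SHA."""
    lines = [f"tree {tree_id(files)}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {IDENT}", f"committer {IDENT}", "", message]
    return object_id("commit", ("\n".join(lines) + "\n").encode())

def release_id(history: list) -> str:
    """Replay (files, message) snapshots, oldest first; return the tip commit id."""
    parent = None
    for files, message in history:
        parent = commit_id(files, parent, message)
    return parent

def verify_release(published: str, history: list) -> bool:
    return release_id(history) == published

# Constructed two-commit history; file names are bytes, as git stores them.
MAIN_C = b"int main(void) { return 0; }\n"
HISTORY = [
    ({b"main.c": MAIN_C}, "initial import"),
    ({b"main.c": MAIN_C, b"README": b"demo project\n"}, "add README"),
]
PUBLISHED = release_id(HISTORY)

# Same history with a one-byte change to a file in the *first* commit only.
TAMPERED = [({b"main.c": MAIN_C.replace(b"0", b"1")}, "initial import"), HISTORY[1]]

if __name__ == "__main__":
    print("original verifies:", verify_release(PUBLISHED, HISTORY))
    print("tampered verifies:", verify_release(PUBLISHED, TAMPERED))
```

The second commit's files are untouched in the tampered history, yet the release SHA still fails to verify because that commit names its altered parent by SHA.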