On 1/13/23 17:36, Konstantin Ryabitsev wrote:
I'm not sure what you mean here, but git is certainly not zero-trust. When you
clone linux.git from git.kernel.org, you're very much trusting that:
- I (or members of my team) didn't mess with the repository
- Linus (or someone who hacked his laptop) didn't mess with the repository
Git is tamper-evident, not tamper-proof, so by definition it cannot be
zero-trust.
Hi,
By using a cryptographic hash algorithm, the goal is to avoid tampering
you say, like tampering on the internet, ISP, cache node and so on. To
me that's clearly a zero-trust thought. You don't trust the guy(s) that
put down the infrastructure, neither those that provide that local cache
for the GIT repository, only the master repository. SHA-1 gives a
certain confidence, that if you checkout XXXXXXX, then you get a likely
expected result with reduced possibility of tampering.
Anyone could intercept a CRC protected blob and re-compute the hash and
send it on. But not a SHA-1 one.
I on the other hand trust the guys that put down the internet and are
providing the cache nodes for GIT.
It's two different world views.
--HPS