On 1/15/23 00:59, brian m. carlson wrote:
However, Git is moving in the direction of stronger cryptographic algorithms, rather than insecure hashing algorithms. I don't think your proposal is a good idea, nor do I think it's likely to be adopted.
I disagree. There is no need for signing in a version control system. It just makes it harder to change things, like the right-to-repair. In my eyes there is a high chance of abuse, by vendors that do no want others to flash or edit their device firmwares.
--HPS