On Wed, 23 Apr 2008, Robin Rosenberg wrote:
onsdagen den 23 april 2008 09.47.57 skrev Fedor Sergeev:
If one manages to hack on repository one can modify it enormous amount of
ways, including spoofing on SHA (providing wrong contents for it - does
git verify that when getting a pack?), utilizing bugs in git etc...
The pack transfer protocol does not transfer the SHA of objects, only the
contents is transferred. The SHA-1 is (has to be since it is not sent)
reconstructed on the receiving end.
Thats nice. Then I agree its difficult to spoil superproject out of
submodule other than it just does not checkout.
regards,
Fedor.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
