Git is insecure by default (opens in new tab)

(groups.google.com)

11 pointsdoki_pen10y ago2 comments

2 comments

What this means is git doesn't make sure that blobs match shas on fetch. Malicious control of source or network can insert nasty things and git won't notice. Solution is setting transfer.fsckobjects = true.

noselasd10y ago

Any good reason this isn't the default ?

j / k navigate · click thread line to collapse

Git is insecure by default (opens in new tab)

(groups.google.com)

11 pointsdoki_pen10y ago2 comments

2 comments

doki_penOP10y ago

What this means is git doesn't make sure that blobs match shas on fetch. Malicious control of source or network can insert nasty things and git won't notice. Solution is setting transfer.fsckobjects = true.

noselasd10y ago

Any good reason this isn't the default ?

j / k navigate · click thread line to collapse