undefined | Better HN

0 pointsbhhaskin9y ago0 comments

The sha1 hash isn't used for security. You should be signing your commits if security is a concern.

0 comments

Uh, even a signed commit does still rely on the sha1 hash of the actual tree object and any parent commits. It won't stop something bad from happening if you fetch from a sha1 repo.

j / k navigate · click thread line to collapse

0 pointsbhhaskin9y ago0 comments

The sha1 hash isn't used for security. You should be signing your commits if security is a concern.

0 comments

nshepperd9y ago

Uh, even a signed commit does still rely on the sha1 hash of the actual tree object and any parent commits. It won't stop something bad from happening if you fetch from a sha1 repo.

j / k navigate · click thread line to collapse