leni536
11mo ago
The question is whether recursive submodule checkout happens after some integrity/signature validation or before. The RCE can be an issue in the latter case.
johncolanduoni
11mo ago
There would also have to be a compromise of the transport (i.e. a MITM of HTTPS or SSH) to use this in most practical scenarios.
leni536
OP
11mo ago
It still weakens the security, otherwise why bother with integrity/signature checks if you trust the git remote?
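One way to order the steps so that the integrity check runs before any submodule is checked out, as an added example that is not part of the thread. It assumes the integrity check is a full commit id pinned out of band; `verified_checkout` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. Assumptions: the integrity check is a full commit id pinned
# out of band; verified_checkout is a hypothetical helper name.

verified_checkout() {
    url=$1; dest=$2; pinned=$3

    # 1. Fetch objects only: no working tree and no submodules, so nothing
    #    from the remote is checked out before the check below.
    git clone --quiet --no-checkout --no-recurse-submodules "$url" "$dest" || return 1

    # 2. Integrity check. The commit id covers the whole tree, including
    #    .gitmodules and the commit each submodule is pinned to.
    #    A signature policy would run `git verify-commit` at this point instead.
    head=$(git -C "$dest" rev-parse --verify 'HEAD^{commit}') || return 1
    if [ "$head" != "$pinned" ]; then
        echo "integrity check failed: got $head, expected $pinned" >&2
        rm -rf -- "$dest"
        return 2
    fi

    # 3. Only a verified commit is checked out and has its submodules populated.
    git -C "$dest" checkout --quiet --detach "$pinned" || return 1
    git -C "$dest" submodule --quiet update --init --recursive
}
```

The function returns 2 and removes the clone when the fetched HEAD does not match the pinned id, so the recursive submodule step is never reached for unverified content.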