John Gilmore made an attempt to convince Linus that module hash functions in Git was a good idea. This is some of the email chain.
This was actually sent to Cryptography mailing list on 26/02/2017, but the bulk of the content is from 2005.
John Gilmore made an attempt to convince Linus that module hash functions in Git was a good idea. This is some of the email chain.
This was actually sent to Cryptography mailing list on 26/02/2017, but the bulk of the content is from 2005.
Or you know, they could have just put a root kit in the commit you pulled to begin with. If you are already pulling code from an untrustworthy source into your repo, I don’t see how a collided hash makes it much worse.