Rich Freeman:

> On Sun, Sep 14, 2014 at 6:56 PM, hasufell <hasuf...@gentoo.org> wrote:
>> According to Robin, it's not about rebasing, it's about signing all
>> commits so that messing with the blob (even if it has the same sha-1)
>> will cause signature verification failure.
>>
>
> The only thing that gets signed is the commit message, and the only
> thing that ties the commit message to the code is the sha1 of the
> top-level tree. If you can attack sha1 either at any tree level or at
> the blob level you can defeat the signature.
>
So can we get this clear now? Robin said:

> The Git commit-signing design explicitly signs the entire commit, including
> blob contents, to avoid this security problem.

Is this correct or not?
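For anyone who wants to check the two claims above against git's object format rather than take either side's word for it, here is an added example (not code from the thread or from git itself) that builds blob, tree and commit objects the way git does and shows which bytes a `git commit -S` signature covers. Git signs the commit object with the `gpgsig` header removed; the commit object names its tree by sha1 only, and the tree names each blob by sha1 only. The author identity, timestamp and file contents below are constructed for the example, and the "colliding" blob is simulated by reusing an object id, since no real sha1 collision is produced here.

```python
"""What a signed git commit actually covers (added example, not from the thread).

Git stores every object as sha1("<type> <size>\\0<body>").  A commit body refers
to its tree by object id only, and `git commit -S` signs the commit body with
the gpgsig header stripped.  Blob contents never enter the signed bytes; they
are bound only through the sha1 ids recorded in the tree.
"""
import hashlib


def git_object_id(kind: str, body: bytes) -> bytes:
    """20-byte object id git assigns to an object of the given type."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).digest()


def tree_body(entries) -> bytes:
    """Serialize tree entries [(mode, name, oid)] in git's on-disk form."""
    out = b""
    for mode, name, oid in sorted(entries, key=lambda e: e[1]):
        out += f"{mode} {name}".encode() + b"\0" + oid
    return out


# Constructed identity with a fixed timestamp so the object ids are stable.
IDENT = b"A U Thor <author@example.com> 1410735360 +0000"


def commit_body(tree_oid: bytes, message: bytes, parents=()) -> bytes:
    """Commit object body: tree and parent ids, author, committer, message."""
    body = b"tree " + tree_oid.hex().encode() + b"\n"
    for parent in parents:
        body += b"parent " + parent.hex().encode() + b"\n"
    body += b"author " + IDENT + b"\n"
    body += b"committer " + IDENT + b"\n"
    return body + b"\n" + message


def add_gpgsig(commit: bytes, armored_sig: bytes) -> bytes:
    """Insert a gpgsig header as git does: after the other headers,
    with each further signature line continued by a leading space."""
    headers, _, message = commit.partition(b"\n\n")
    lines = armored_sig.split(b"\n")
    sig_header = b"gpgsig " + lines[0] + b"".join(b"\n " + l for l in lines[1:])
    return headers + b"\n" + sig_header + b"\n\n" + message


def signed_payload(commit: bytes) -> bytes:
    """The bytes git verifies: the commit object minus the gpgsig header
    and its continuation lines."""
    headers, sep, message = commit.partition(b"\n\n")
    kept, skipping = [], False
    for line in headers.split(b"\n"):
        if line.startswith(b"gpgsig "):
            skipping = True
            continue
        if skipping and line.startswith(b" "):
            continue
        skipping = False
        kept.append(line)
    return b"\n".join(kept) + sep + message


def demo():
    """Returns (different_blob_detected, colliding_blob_undetected, content_in_payload)."""
    good = b"echo hello\n"   # constructed file contents
    evil = b"rm -rf /\n"
    good_tree = tree_body([("100644", "script.sh", git_object_id("blob", good))])
    evil_tree = tree_body([("100644", "script.sh", git_object_id("blob", evil))])
    good_commit = commit_body(git_object_id("tree", good_tree), b"initial\n")
    evil_commit = commit_body(git_object_id("tree", evil_tree), b"initial\n")
    # A blob with a different sha1 changes the tree id, hence the signed bytes.
    different = signed_payload(good_commit) != signed_payload(evil_commit)
    # Simulated sha1 collision: store evil content under the good blob's id.
    # The tree, and therefore the signed payload, is byte-for-byte unchanged.
    forged_oid = git_object_id("blob", good)  # pretend evil hashes to this too
    forged_tree = tree_body([("100644", "script.sh", forged_oid)])
    forged_commit = commit_body(git_object_id("tree", forged_tree), b"initial\n")
    same = signed_payload(good_commit) == signed_payload(forged_commit)
    # The file contents themselves are not in what gets signed.
    content_in_payload = good in signed_payload(good_commit)
    return different, same, content_in_payload


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The first two assertions in the test pin the object-id function to values you can reproduce with `echo hello | git hash-object --stdin` and the well-known empty-tree id, so the rest of the demonstration is known to follow git's real format. The `(True, True, False)` result is the concrete form of the point being argued: a blob whose sha1 differs is caught, a blob that collides at the sha1 level is not, and the signature never sees file contents at all.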