Re: Git and SHA1 collisions

2024-03-31 Thread Peter Pentchev
On Sun, Mar 31, 2024 at 10:27:05AM +0200, Simon Josefsson wrote:
> Gioele Barabucci writes:
>
> > But pulling a successful collision attack is not a trivial task. For
> > instance, the xz attacker did not have all that was required to carry
> > it out (for example they had no direct access to the

Re: Git and SHA1 collisions

2024-03-31 Thread Simon Josefsson
Gioele Barabucci writes:

> But pulling a successful collision attack is not a trivial task. For
> instance, the xz attacker did not have all that was required to carry
> it out (for example they had no direct access to the git
> servers... yet).

Is that necessary? It seems that if you have push

Git and SHA1 collisions (Was: Re: Validating tarballs against git repositories)

2024-03-30 Thread Gioele Barabucci
On 30/03/24 23:09, Simon Josefsson wrote: Russ Allbery writes: Simon Josefsson writes: Sean Whitton writes: We did some analysis on the SHA1 vulnerabilities and determined that they did not meaningfully affect dgit & tag2upload's design. Can you share that analysis? As far as I unders