On 11/28/2012 01:27 AM, Jeff King wrote:
> On Tue, Nov 27, 2012 at 06:30:17PM -0500, Aaron Schrab wrote:
>
>> At 18:07 -0500 27 Nov 2012, Jeff King wrote:
>>> PS I also think the OP's "sockpuppet creates innocuous bugfix" above is
>>> easier said than done. We do not have SHA-1 collisions yet,
On Tue, Nov 27, 2012 at 06:30:17PM -0500, Aaron Schrab wrote:
> At 18:07 -0500 27 Nov 2012, Jeff King wrote:
> >PS I also think the OP's "sockpuppet creates innocuous bugfix" above is
> > easier said than done. We do not have SHA-1 collisions yet, but if
> > the md5 attacks are any indication,
At 18:07 -0500 27 Nov 2012, Jeff King wrote:
PS I also think the OP's "sockpuppet creates innocuous bugfix" above is
easier said than done. We do not have SHA-1 collisions yet, but if
the md5 attacks are any indication, the innocuous file will not be
completely clean; it will need to have
On Sat, Nov 24, 2012 at 10:09:31AM -0800, Shawn O. Pearce wrote:
> On Sat, Nov 24, 2012 at 3:12 AM, Michael Hirshleifer <111...@caltech.edu>
> wrote:
> > Evil Guy creates 2 files, 1 evil and 1 innocuous, with the same SHA-1
> > checksum (including Git header). Mr. Evil creates a local branch with
I don't think there is an issue the way you have tried to describe
this scenario.
On Sat, Nov 24, 2012 at 3:12 AM, Michael Hirshleifer <111...@caltech.edu> wrote:
> Evil Guy creates 2 files, 1 evil and 1 innocuous, with the same SHA-1
> checksum (including Git header). Mr. Evil creates a local bra
Evil Guy creates 2 files, 1 evil and 1 innocuous, with the same SHA-1
checksum (including Git header). Mr. Evil creates a local branch with an
innocuous name like “test-bugfix”, and adds a commit containing a
reference to the evil file. Separately, using a sockpuppet, Evil Guy
creates an innocu
6 matches
Mail list logo
