Answer by Peter Green for How safe are signed git tags? Only as safe as SHA-1...
The following is my understanding.Git identifies pretty much everything by sha1 hashes. Your signed tag references the commit by it's sha1 hash, the commit identifies the "tree" by it's sha1 hash and...
View ArticleAnswer by user10008 for How safe are signed git tags? Only as safe as SHA-1...
There is no contradiction. Linus himself said in that same talk:If I have those 20 bytes, I can download a git repository from a completely untrusted source and I can guarantee that they did not do...
View ArticleAnswer by smrt28 for How safe are signed git tags? Only as safe as SHA-1 or...
Signed git tag is just a signed SHA1 checksum. Very simply said, every git commit is SHA1 checksum of the previous commit (which also contains SHA1 of its previous commit which also contains SHA1...
View ArticleHow safe are signed git tags? Only as safe as SHA-1 or somehow safer?
How safe are signed git tags? Especially because git uses SHA-1. There is contradictory information around.So if one verifies a git tag (git tag -v tagname), then checksouts the tag, and checks that...
View Article
