[Whonix-devel] [qubes-devel] How safe are signed git tags? Only as safe as SHA-1 or somehow safer?
Patrick Schleizer
patrick-mailinglists at whonix.org
Sun Nov 23 22:59:22 CET 2014
Summary:
We're hosed.
- Looks like signed git tags are only as safe as SHA-1 + [...] for git
cloners.
- They're aware of the issue.
- Probably no one will be working on it anytime soon.
- They disagree on the security (weakness) of SHA-1.
- They'd welcome patches.
Source, asked on the git mailing list:
http://www.mail-archive.com/[email protected]/msg61087.html
More information about the Whonix-devel
mailing list