[Whonix-devel] [qubes-devel] How safe are signed git tags? Only as safe as SHA-1 or somehow safer?

Patrick Schleizer patrick-mailinglists at whonix.org
Sun Nov 23 22:59:22 CET 2014


Summary:

We're hosed.

- Looks like signed git tags are only as safe as SHA-1 + [...] for git
cloners.
- They're aware of the issue.
- Probably no one will be working on it anytime soon.
- They disagree on the security (weakness) of SHA-1.
- They'd welcome patches.

Source, asked on the git mailing list:
http://www.mail-archive.com/[email protected]/msg61087.html


More information about the Whonix-devel mailing list