[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: .gitmodules security

From: Mike Frysinger
Subject: Re: .gitmodules security
Date: Sun, 6 Feb 2022 16:43:47 -0500

On 06 Feb 2022 14:59, Alex Ameen wrote:
> Hey, I can't claim to be an expert about this category of vulnerability; 
> but I appreciate you raising this concern.

it requires more than a MITM to be successful.  you'd also have to come up with
a sha1 collision which is non-trivial for most people.  not out of the reach of
nation states, but we prob aren't the target market :p.

i'm not against changing to https of course, just providing a bit more color.

> So is your recommendation to use 
> instead of 
> git://

i'll note that just about every GNU project utilizes gnulib is using the git://
style.  looks like gnulib itself only changed its advice about a year ago.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]