On Sat, Nov 01, 2014 at 08:07:04AM +0000, Patrick Schleizer wrote:
>By chance I found https://github.com/boyska/git-verify repo.
hey, that's me :P as you can see, it's a very simple script. I'm not
completely sure that it works exactly as I expect, and I am not even
sure that what I expect for "verification" is what everyone would.
I'd like to do some unit tests about the code, but it is quite
hard/boring to do that. Any contribution about better code, better
testing, etc will be really appreciated. Actually, I was very surprised
to not being able to find some script similar to what I wrote.
>At Whonix we're currently discussing various aspects of git security.
>Especially since git still uses SHA-1 and if git (submodule)
>verification is safe against adversaries, that can produce SHA-1 collisions.
Seems a really good point, but... can't you just recursively run git-verify?
>I was wondering, if you might be interested to join the discussion? [1]
I am really interested, thanks for sharing!
--
boyska