Package: git-annex Version: 6.20170101-1+b1 Severity: minor Hi Richi, hi All,
on 2017-02-25, Joey found two corner cases in git-annex where the newly demonstrated SHA-1 collision weakness (as used in git) could also impact git-annex, *even when used with signed commits*. https://git-annex.branchable.com/devblog/day_450__hardening_against_SHA_attacks/ Of course he promptly fixed it. I am keenly aware that it's quite late in the game, but could you manage to roll a deb of 6.20170301 or newer for the stretch release ? Strech is going to be around for a while and the SHA-1 attacks will only increase in potency during its lifetime. I'll help convince the release team. ;-) Cheers, Philipp
