On Tue, 2010-08-03 at 11:29 -0400, Martin Langhoff wrote:
> On Tue, Aug 3, 2010 at 11:16 AM, Matt McCutchen <m...@mattmccutchen.net>
> wrote:
> > don't want malware landing on my machine because someone did a MITM
> > attack on a Fedora maintainer's unencrypted "git fetch" and inserted
> > some extra patches to get pushed back to the real repository later.
>
> The git protocol makes it extremely hard to inject malware
> successfully. It would have to match sha1, _and_ match resulting
> filesize _and_ be meaningful code, all without the benefits of
> preimaging.
>
> Even for crypto hashes that have been "broken" for a while, doing the
> above is a huge challenge.
>
> If you do consider this a real risk, here's someone who wants to want
> to play with you, and build a bunker, 5 miles underground...
> http://marc.info/?l=git&m=111375923219555&w=2
I have to say I was tickled by Linus' imagination of how five year olds
behave:
"That's not engineering. That's five-year-olds discussing building their
imaginary forts ("I want gun-turrets and a mechanical horse one mile
high, and my command center is 5 miles under-ground and totally encased
in 5 meters of lead")."
Clearly Linus stood out even in his youth =)
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
