On Thu, Sep 11, 2014 at 11:18 AM, Richard Hipp <d...@sqlite.org> wrote: > On Thu, Sep 11, 2014 at 12:07 PM, Nico Williams <n...@cryptonector.com> > wrote: >> Nothing can really be made immutable, but you can detect mutation. > > No. Version 9491ba7d738528f168657adb43a198238abde19e (the SQLite 3.8.6 > release) cannot be modified in any way without changing its hash value, thus > making it something different. (Unless you can mount a pre-image attack > against SHA1 - let's assume that is impossible.)
But the repo containing it can be mutated to, for example, no longer have that commit. This can only be detected. It can't be prevented. Merkle hash chains are only one part of the detection story. Digital signatures and/or replication are another. _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
