Hi Arif, On Thu, 25 Aug 2016, Arif Khokar wrote:
> On 08/24/2016 09:04 AM, Johannes Schindelin wrote: > > > > On Mon, 22 Aug 2016, Philip Oakley wrote: > > >> I do note that dscho's patches now have the extra footer (below the > >> three dashes) e.g. > >> > >> Published-As: https://github.com/dscho/git/releases/tag/cat-file-filters-v1 > >> Fetch-It-Via: git fetch https://github.com/dscho/git cat-file-filters-v1 > > <snip> > > > I considered recommending this as some way to improve the review process. > > The problem, of course, is that it is very easy to craft an email with an > > innocuous patch and then push some malicious patch to the linked > > repository. > > It should be possible to verify the SHA1 of the blob before and after > the patch is applied given the values listed near the beginning of the > git diff output. There is no guarantee that the SHA-1 has not been tampered with. Ciao, Johannes
