On 12.06.24 14:18, Ian Jackson wrote:
The alternative would be a SHA256 manifest of the git tree.
I assume we could just wait another four years. By that time all git tooling should support sha256 natively, all our git trees can be converted to default to using sha256, and so on. I'd also like to note that git is no longer vulnerable[1] to the SHAttered attack[2]. [1]https://git-scm.com/docs/hash-function-transition [2] htps://shattered.io -- -- mit freundlichen Grüßen -- -- Matthias Urlichs
OpenPGP_signature.asc
Description: OpenPGP digital signature
