Matt McCutchen <m...@mattmccutchen.net> wrote: > No. If the attacker MITMs the entire connection, they can lie about the > values of the remote refs too, so there is no need to find a hash > collision.
And how would you then be allowed to push? The git server would see that your history doesn't match the history it has and will refuse the commits. If they MITM your SSH push connection, I believe you have bigger fish to fry. --Ben -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
