On Mon, Sep 15, 2014 at 6:11 PM, Gordon Pettey <petteyg...@gmail.com> wrote:
>
> Even if you wanted to burn the money to find that magical collision that
> actually contains working code, you've still got to somehow propagate that
> to other repositories, since they'll just ignore it for having the same hash
> as an already-existing object.
>

Well, if you're willing to trust that nobody is able to tamper with repositories, then you don't need gpg signatures in the first place.

I think that gpg signatures protected by an SHA1 hash provide fairly little security - a chain is as strong as its weakest link and sha1 has been considered fairly weak for years now. However, I think it does make sense to at least get gpg into the workflow in the hopes that some day git will move to a stronger hash, and since it isn't a huge hardship to do so.

I wouldn't make too light of the use of SHA1 though. As you point out simply exploiting it isn't enough, but the whole reason for having signatures is to make an attack on a central repository useless. Having gpg on top of ssh keys and all that is obviously redundant, but that is the whole point of it.

--
Rich
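
An added example, not part of the original message or of git's own code: it computes object ids the way git does (SHA-1 over a type/length header plus the body) and builds the bytes a commit signature covers, showing that file contents reach the signature only through SHA-1 ids. The file name, identity and timestamp are constructed sample values, and the helper names are hypothetical.

```python
import hashlib


def git_object_id(obj_type: str, body: bytes) -> str:
    """Object id as git computes it: sha1(b"<type> <len>\\0" + body)."""
    header = f"{obj_type} {len(body)}".encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()


def tree_body(entries: dict) -> bytes:
    """Tree body for regular files only: b"100644 <name>\\0" + raw 20-byte blob id.

    Plain name sorting is enough here because the sample has no subdirectories.
    """
    out = b""
    for name in sorted(entries):
        out += b"100644 " + name.encode() + b"\0" + bytes.fromhex(entries[name])
    return out


def signed_payload(tree_id: str, ident: str, message: str) -> bytes:
    """Commit text without the gpgsig header: the bytes a commit signature covers."""
    text = f"tree {tree_id}\nauthor {ident}\ncommitter {ident}\n\n{message}\n"
    return text.encode()


# Constructed sample data (not from the thread).
FILE_CONTENT = b"hello\n"
IDENT = "Example Dev <dev@example.invalid> 1410800000 +0000"


def build():
    """Return (blob id, tree id, signed payload) for a one-file root commit."""
    blob_id = git_object_id("blob", FILE_CONTENT)
    tree_id = git_object_id("tree", tree_body({"hello.txt": blob_id}))
    return blob_id, tree_id, signed_payload(tree_id, IDENT, "initial commit")


if __name__ == "__main__":
    blob_id, tree_id, payload = build()
    print("blob id:", blob_id)
    print("tree id:", tree_id)
    # The signature input names the tree by its SHA-1 id and nothing else:
    # the file's bytes, its name and even its blob id are absent.
    print(payload.decode())
```

The signature therefore vouches for the file only as far as SHA-1 binds the tree id to the tree and the blob id to the content.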