On Wed, 2010-08-04 at 01:33 -0700, Matt McCutchen wrote:
> On Tue, 2010-08-03 at 22:09 +, Ben Boeckel wrote:
> > Matt McCutchen wrote:
> > > No. If the attacker MITMs the entire connection, they can lie about the
> > > values of the remote refs too, so there is no need to find a hash
> > > co
On Tue, 2010-08-03 at 22:09 +, Ben Boeckel wrote:
> Matt McCutchen wrote:
> > No. If the attacker MITMs the entire connection, they can lie about the
> > values of the remote refs too, so there is no need to find a hash
> > collision.
>
> And how would you then be allowed to push? The git se
