A set of ideas pertaining to cryptographic validation of Git release branches and artifacts:https://gist.github.com/djspiewak/a6cef156708c6a95906d …
@djspiewak @puffnfresh that won't help unless you can pull off a second preimage attack, which we don't know how to do today
-
-
@djspiewak@puffnfresh we should definitely move away from SHA1, but the attacks are entirely hypothetical at this point -
@bascule@puffnfresh Even beyond hypothetical attacks, signing the directory is very nice since it narrows the scope of detection.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.