[Whonix-devel] [Tails-dev] git (submodule) security

boyska piuttosto at logorroici.org
Sat Nov 1 23:42:00 CET 2014


On Sat, Nov 01, 2014 at 08:07:04AM +0000, Patrick Schleizer wrote:
>By chance I found https://github.com/boyska/git-verify repo.

hey, that's me :P as you can see, it's a very simple script. I'm not
completely sure that it works exactly as I expect, and I am not even
sure that what I expect for "verification" is what everyone would.

I'd like to do some unit tests about the code, but it is quite
hard/boring to do that. Any contribution about better code, better
testing, etc. will be really appreciated. Actually, I was very surprised
not to be able to find some script similar to what I wrote.

>At Whonix we're currently discussing various aspects of git security.
>Especially since git still uses SHA-1 and if git (submodule)
>verification is safe against adversaries that can produce SHA-1 collisions.

Seems a really good point, but... can't you just recursively run git-verify?

>I was wondering if you might be interested to join the discussion? [1]

I am really interested, thanks for sharing!

-- 
boyska


