From: Ciaran McCreesh <ciaran.mccreesh@googlemail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] git security (SHA-1)
Date: Wed, 17 Sep 2014 12:36:16 +0100 [thread overview]
Message-ID: <20140917123616.698dc947@googlemail.com> (raw)
In-Reply-To: <CA+qecRPDHd4-viS=eYtROgfe7hszxZO5Msb0b8mBiGge4orF1A@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 515 bytes --]
On Wed, 17 Sep 2014 07:21:08 -0400
Tim Boudreau <niftiness@gmail.com> wrote:
> If someone wants to commit malicious code into Gentoo, they're far
> more likely to take the ugly but pragmatic approach of, say, forcing
> someone to commit malicious code at gunpoint and then shooting them,
> than to go to the vast effort it would take to come up with malicious
> code that conveniently has the same SHA-1 hash as an existing commit.
...or getting themselves recruited. Even easier.
--
Ciaran McCreesh
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2014-09-17 11:36 UTC|newest]
Thread overview: 209+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-14 12:03 [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) Michał Górny
2014-09-14 13:09 ` Jauhien Piatlicki
2014-09-14 13:50 ` hasufell
2014-09-15 4:37 ` [gentoo-dev] " Duncan
2014-09-14 14:31 ` [gentoo-dev] " Michał Górny
2014-09-14 13:17 ` [gentoo-dev] " Ulrich Mueller
2014-09-14 13:22 ` Johannes Huber
2014-09-14 13:34 ` Ulrich Mueller
2014-09-14 14:38 ` Michał Górny
2014-09-14 13:23 ` [gentoo-dev] " Jauhien Piatlicki
2014-09-14 13:24 ` Jauhien Piatlicki
2014-09-14 13:25 ` "C. Bergström"
2014-09-14 13:32 ` Jauhien Piatlicki
2014-09-14 14:11 ` hasufell
2014-09-14 14:40 ` Michał Górny
2014-09-14 15:15 ` Kent Fredric
2014-09-14 15:40 ` Michał Górny
2014-09-14 21:57 ` W. Trevor King
2014-09-14 22:38 ` hasufell
2014-09-14 22:45 ` W. Trevor King
2014-09-14 22:56 ` hasufell
2014-09-14 23:13 ` Rich Freeman
2014-09-14 23:25 ` hasufell
2014-09-14 23:28 ` W. Trevor King
2014-09-14 23:37 ` Kent Fredric
2014-09-15 10:10 ` Jauhien Piatlicki
2014-09-15 10:35 ` [gentoo-dev] git security (SHA-1) hasufell
2014-09-15 12:02 ` hasufell
2014-09-15 22:11 ` Gordon Pettey
2014-09-15 22:41 ` Duy Nguyen
2014-09-15 22:52 ` Duy Nguyen
2014-09-15 23:59 ` Rich Freeman
2014-09-16 13:44 ` Ian Stakenvicius
2014-09-16 14:03 ` Rich Freeman
2014-09-16 14:30 ` Michael Orlitzky
2014-09-16 14:40 ` hasufell
2014-09-17 11:04 ` Aaron W. Swenson
2014-09-17 11:08 ` Ciaran McCreesh
2014-09-17 11:21 ` Tim Boudreau
2014-09-17 11:36 ` Ciaran McCreesh [this message]
2014-09-17 20:23 ` Michał Górny
2014-09-17 22:38 ` [gentoo-dev] " Duncan
2014-09-17 19:58 ` [gentoo-dev] " Piotr Szymaniak
2014-09-17 11:48 ` Aaron W. Swenson
2014-09-20 18:09 ` [gentoo-dev] " Ulrich Mueller
2014-09-20 18:45 ` Rich Freeman
2014-09-20 20:08 ` hasufell
2014-09-20 20:40 ` Ulrich Mueller
2014-09-20 21:01 ` hasufell
2014-09-20 21:14 ` Kent Fredric
2014-09-20 21:18 ` hasufell
2014-09-20 21:22 ` Kent Fredric
2014-09-20 21:23 ` hasufell
2014-09-20 21:24 ` Kent Fredric
2014-09-21 1:46 ` Duncan
2014-09-20 21:20 ` Ulrich Mueller
2014-09-20 21:23 ` hasufell
2014-09-21 0:58 ` Gordon Pettey
2014-09-21 1:20 ` Rich Freeman
2014-09-21 1:27 ` Peter Stuge
2014-09-21 1:43 ` Rich Freeman
2014-09-21 2:17 ` Peter Stuge
2014-09-21 3:08 ` Gordon Pettey
2014-09-21 7:15 ` Michał Górny
2014-09-21 7:54 ` Ulrich Mueller
2014-09-21 9:42 ` hasufell
2014-09-21 10:01 ` Michał Górny
2014-09-21 11:13 ` Ulrich Mueller
2014-09-21 11:25 ` Alon Bar-Lev
2014-09-21 11:53 ` hasufell
2014-09-20 21:13 ` Rich Freeman
2014-09-17 13:41 ` [gentoo-dev] " hasufell
2014-09-16 15:52 ` Peter Stuge
2014-09-16 14:33 ` Kent Fredric
2014-09-16 14:43 ` Ian Stakenvicius
2014-09-15 11:26 ` [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) Kent Fredric
2014-09-15 11:58 ` Piotr Szymaniak
2014-09-14 23:25 ` W. Trevor King
2014-09-14 23:15 ` W. Trevor King
2014-09-14 23:25 ` Kent Fredric
2014-09-14 23:15 ` Kent Fredric
2014-09-16 17:00 ` Luca Barbato
2014-09-14 13:40 ` Davide Pesavento
2014-09-14 13:55 ` hasufell
2014-09-14 14:26 ` Davide Pesavento
2014-09-14 14:46 ` Michał Górny
2014-09-15 1:30 ` Tim Harder
2014-09-15 1:57 ` Kent Fredric
2014-09-15 2:46 ` Tim Harder
2014-09-15 7:19 ` Michał Górny
2014-09-16 17:05 ` Luca Barbato
2014-09-16 20:44 ` Michał Górny
2014-09-14 15:30 ` Patrick Lauer
2014-09-14 15:42 ` hasufell
2014-09-14 15:57 ` Rich Freeman
2014-09-14 23:21 ` Patrick Lauer
2014-09-14 23:27 ` Kent Fredric
2014-09-14 23:34 ` Patrick Lauer
2014-09-14 23:39 ` hasufell
2014-09-15 0:59 ` Peter Stuge
2014-09-14 23:36 ` hasufell
2014-09-15 0:57 ` Rich Freeman
2014-09-15 1:06 ` Peter Stuge
2014-09-15 1:13 ` Kent Fredric
2014-09-15 17:42 ` Ian Stakenvicius
2014-09-15 18:35 ` [gentoo-dev] git basics hasufell
2014-09-15 19:29 ` Ian Stakenvicius
2014-09-15 20:24 ` hasufell
2014-09-15 20:31 ` hasufell
2014-09-15 20:55 ` Ian Stakenvicius
2014-09-15 21:09 ` hasufell
2014-09-15 18:51 ` [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) Rich Freeman
2014-09-17 20:02 ` Diamond
2014-09-18 0:36 ` Kent Fredric
2014-09-18 1:01 ` Rich Freeman
2014-09-18 5:04 ` Kent Fredric
2014-09-18 19:33 ` Diamond
2014-09-18 20:00 ` Rich Freeman
2014-09-18 20:33 ` Diamond
2014-09-18 20:54 ` Peter Stuge
2014-09-18 20:08 ` [gentoo-dev] Git copy detection (was: My masterplan for git migration...) W. Trevor King
2014-09-18 21:01 ` Diamond
2014-09-18 21:29 ` W. Trevor King
2014-09-18 22:13 ` Diamond
2014-09-18 23:26 ` Kent Fredric
2014-09-18 23:30 ` Peter Stuge
2014-09-18 23:21 ` [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) Kent Fredric
2014-09-19 17:36 ` [gentoo-dev] " Martin Vaeth
2014-09-15 17:38 ` [gentoo-dev] " Ian Stakenvicius
2014-09-15 7:22 ` Michał Górny
2014-09-15 17:18 ` Ian Stakenvicius
2014-09-16 17:17 ` Luca Barbato
2014-09-16 18:56 ` hasufell
2014-09-17 4:01 ` Daniel Campbell
2014-09-17 15:28 ` [gentoo-dev] gentoo git step by step guide hasufell
2014-09-17 15:38 ` Rich Freeman
2014-09-18 13:08 ` hasufell
2014-09-16 17:07 ` [gentoo-dev] My masterplan for git migration (+ looking for infra to test it) Luca Barbato
2014-09-16 17:27 ` Rich Freeman
2014-09-14 14:28 ` Kent Fredric
2014-09-14 14:33 ` [gentoo-dev] " Rich Freeman
2014-09-14 14:56 ` Michał Górny
2014-09-14 15:51 ` Rich Freeman
2014-09-14 16:10 ` hasufell
2014-09-14 16:49 ` Dirkjan Ochtman
2014-09-15 7:53 ` Fabian Groffen
2014-09-15 19:30 ` William Hubbs
2014-09-15 19:55 ` Anthony G. Basile
2014-09-15 19:58 ` Rich Freeman
2014-09-16 5:27 ` Fabian Groffen
2014-09-16 6:39 ` Ulrich Mueller
2014-09-16 10:18 ` hasufell
2014-09-16 10:30 ` Alan McKinnon
2014-09-17 8:34 ` Michał Górny
2014-09-16 11:26 ` Rich Freeman
2014-09-16 11:36 ` hasufell
2014-09-16 13:44 ` Pacho Ramos
2014-09-16 13:55 ` Rich Freeman
2014-09-16 15:28 ` Pacho Ramos
2014-09-16 18:02 ` Duncan
2014-09-16 18:58 ` vivo75
2014-09-20 16:50 ` [gentoo-dev] Re: git migration Steven J. Long
2014-09-20 16:48 ` hasufell
2014-09-20 17:04 ` Rich Freeman
2014-09-20 17:07 ` hasufell
2014-09-17 5:00 ` [gentoo-dev] Re: My masterplan for git migration (+ looking for infra to test it) Daniel Campbell
2014-09-17 8:33 ` Michał Górny
2014-09-17 9:56 ` Ulrich Mueller
2014-09-17 12:14 ` Rich Freeman
2014-09-15 20:18 ` Michał Górny
2014-09-15 20:29 ` W. Trevor King
2014-09-15 20:33 ` W. Trevor King
2014-09-16 17:35 ` Duncan
2014-09-16 17:52 ` W. Trevor King
2014-09-16 18:06 ` W. Trevor King
2014-09-16 18:24 ` Duncan
2014-09-16 18:40 ` Brian Dolbec
2014-09-17 8:36 ` Michał Górny
2014-09-17 17:02 ` W. Trevor King
2014-09-15 20:49 ` Rich Freeman
2014-09-15 21:13 ` hasufell
2014-09-15 21:43 ` Anthony G. Basile
2014-09-16 17:10 ` Duncan
2014-09-14 15:11 ` [gentoo-dev] gentoo git workflow hasufell
2014-09-14 16:06 ` Rich Freeman
2014-09-14 18:04 ` Andreas K. Huettel
2014-09-14 19:12 ` William Hubbs
2014-09-14 19:34 ` hasufell
2014-09-14 19:49 ` "C. Bergström"
2014-09-14 20:04 ` hasufell
2014-09-15 5:36 ` [gentoo-dev] " Duncan
2014-09-14 20:32 ` [gentoo-dev] " Andreas K. Huettel
2014-09-15 11:37 ` hasufell
2014-09-15 12:57 ` Rich Freeman
2014-09-15 13:13 ` hasufell
2014-09-15 13:57 ` Rich Freeman
2014-09-15 14:22 ` hasufell
2014-09-15 14:26 ` Ian Stakenvicius
2014-09-15 14:46 ` Rich Freeman
2014-09-15 15:02 ` hasufell
2014-09-15 15:58 ` Rich Freeman
2014-09-15 16:12 ` hasufell
2014-09-15 14:49 ` hasufell
[not found] ` <CAMMrfH7AgFvFKcCT9di35Dfn2CSaM=fs8fdisdeQ8XDZmRge1w@mail.gmail.com>
2014-09-16 13:24 ` [gentoo-dev] Re: [gentoo-scm] Re: My masterplan for git migration (+ looking for infra to test it) Rich Freeman
2014-09-14 17:15 ` [gentoo-dev] " James Cloos
2014-09-14 20:39 ` vivo75
2014-09-14 20:56 ` Ivan Viso Altamirano
2014-09-14 21:14 ` Peter Stuge
-- strict thread matches above, loose matches on Subject: below --
2014-09-15 11:39 [gentoo-dev] git security (SHA-1) Tomáš Pružina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140917123616.698dc947@googlemail.com \
--to=ciaran.mccreesh@googlemail.com \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox