Git uses SHA-1, and it is common to sign Git commit or tag hashes to authenticate a repo. Is this insecure now?
Asked
Active
Viewed 66 times
1
-
You are talking about GPG signed commits and tags, right? – mikeazo Mar 03 '16 at 17:50
-
@mikeazo yes, GPG signed – Demi Mar 03 '16 at 17:53
-
3How does this not answer your question? Note that Git is very much applied crypto... – Maarten Bodewes Mar 03 '16 at 18:03
-
It does answer my question. – Demi Mar 03 '16 at 18:12