author | Joey Hess <joeyh@joeyh.name> | 2017-02-27 16:11:35 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-02-27 16:11:35 -0400 |
commit | b3ac6ef857c68721aba650e4d84467d2485ea268 (patch) | |
tree | 4fdcd272588c357023d920de860729bd8aeea7d1 | |
parent | 025b8102e5741f437e970eb29593ced31b0554e4 (diff) |
devblog
-rw-r--r-- | doc/devblog/day_451__annex.securehashesonly.mdwn | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/devblog/day_451__annex.securehashesonly.mdwn b/doc/devblog/day_451__annex.securehashesonly.mdwn new file mode 100644 index 000000000..d0407d0e8 --- /dev/null +++ b/doc/devblog/day_451__annex.securehashesonly.mdwn @@ -0,0 +1,16 @@ +The new annex.securehashesonly config setting prevents annexed content +that does not use a cryptographically secure hash from being downloaded or +otherwise added to a repository. + +Using that and signed commits prevents SHA1 collisions from causing +problems with annexed files. See [[tips/using_signed_git_commits]] for +details about how to use it, and why I believe it makes git-annex +safe despite git's vulnerability to SHA1 collisions in general. + +If you are using git-annex to publish binary files in a repository, +you should follow the instructions in [[tips/using_signed_git_commits]]. + +If you're using git to publish binary files, you can improve the security +of your repository by switchingto git-annex and signed commits. + +Today's work was sponsored by Riku Voipio. |
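Review bot: The last added paragraph has a typo, "switchingto git-annex", which should read "switching to git-annex". In the second paragraph, "for details about how to use it" follows "Using that and signed commits", so "it" has no clear referent; naming the setting or writing "how to use them" would remove the ambiguity. The post also announces annex.securehashesonly without saying how to turn it on, and it defers entirely to [[tips/using_signed_git_commits]]; a one-sentence note on enabling the setting, or an explicit statement that the tips page covers that step, would help readers who arrive at this entry first.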