diff options
| -rw-r--r-- | doc/devblog/day_451__annex.securehashesonly.mdwn | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/devblog/day_451__annex.securehashesonly.mdwn b/doc/devblog/day_451__annex.securehashesonly.mdwn new file mode 100644 index 000000000..d0407d0e8 --- /dev/null +++ b/doc/devblog/day_451__annex.securehashesonly.mdwn @@ -0,0 +1,16 @@ +The new annex.securehashesonly config setting prevents annexed content +that does not use a cryptographically secure hash from being downloaded or +otherwise added to a repository. + +Using that and signed commits prevents SHA1 collisions from causing +problems with annexed files. See [[tips/using_signed_git_commits]] for +details about how to use it, and why I believe it makes git-annex +safe despite git's vulnerability to SHA1 collisions in general. + +If you are using git-annex to publish binary files in a repository, +you should follow the instructions in [[tips/using_signed_git_commits]]. + +If you're using git to publish binary files, you can improve the security +of your repository by switchingto git-annex and signed commits. + +Today's work was sponsored by Riku Voipio. |