diff options
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- | CHANGELOG | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -33,8 +33,9 @@ git-annex (6.20170215) UNRELEASED; urgency=medium to wget, since curl is able to display only errors to stderr, unlike wget. * status: Pass --ignore-submodules=when option on to git status. - * Tighten key parser to mitigate against hypothetical SHA1 chosen-prefix - attacks. This ensures that signed git commits of annexed files + * Tighten key parser to prevent SHA1 collision attacks generating + two keys that have the same SHA1. (Only done for keys that contain + a hash). This ensures that signed git commits of annexed files will remain secure, as long as git-annex is using a secure hashing backend. |