From ef24392f8488cf3649c422eeab614a056d89d2d0 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Fri, 24 Feb 2017 00:28:15 -0400
Subject: updates

---
 doc/todo/sha1_collision_embedding_in_git-annex_keys.mdwn | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'doc/todo')

diff --git a/doc/todo/sha1_collision_embedding_in_git-annex_keys.mdwn b/doc/todo/sha1_collision_embedding_in_git-annex_keys.mdwn
index 7acbfde13..dc3dccdc5 100644
--- a/doc/todo/sha1_collision_embedding_in_git-annex_keys.mdwn
+++ b/doc/todo/sha1_collision_embedding_in_git-annex_keys.mdwn
@@ -30,5 +30,7 @@ A few other potential problems:
 * It might be possible to embed colliding data in a specially constructed
   key name with an extra field in it, eg "SHA256-cXXXXXXXXXXXXXXX-...".
   Need to review the code and see if such extra fields are allowed.  
+
   Update: All fields are numeric, but could contain arbitrary data
-  after the number. (fixed now)
+  after the number. This has been fixed; git-annex refuses to parse
+  such fields, so it won't work with files that try to exploit this.
-- 
cgit v1.2.3