SHA1 collisions make Git vulnerable to attacks
metzdowd.com
wyldfire
38 minutes ago
zamalek
9 minutes ago
This argument still assumes that Git uses SHA1 for security. Linus points that out and John doesn't attempt to refute it, simply ignoring it. Linus should have used Murmur, CityHash or something - a SHA1 collision was going to happen eventually. By using a content identification hash function we could have avoided this argument entirely.
jcoffland
6 minutes ago
A SHA1 collision has happened.
