Hacker News new | past | comments | ask | show | jobs | submit login

Yes. He chose to design his system with no ability to migrate and use a hash algorithm that was already known to be flawed.

https://www.metzdowd.com/pipermail/cryptography/2017-Februar...




Oh, you're not talking about him dismissing news of practical attacks as a direct threat, you're talking about him being dismissive very early on about the idea that he was doing a bad job of picking a hash.

Yeah, okay, he was wrong to be dismissive there.


From the threat it looks like Linus' threat model for git is simply different from the common use today. Of course a judgement under a different threat model would make it seem like a bad tradeoff!


It's more that Linus:

1. Didn't understand the attack

2. Doesn't understand security

3. Doesn't care

He's shown this repeatedly for decades.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: