mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

larger headings

Browse source
This commit is contained in:
Joey Hess 2017-02-27 16:17:19 -04:00
parent b78703ca4e
commit 3f876f72e3
No known key found for this signature in database
GPG key ID: C910D9222512E3C7
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/tips/using_signed_git_commits.mdwn
View file

@ -6,7 +6,7 @@ is the same data that was originally commited to it.
This is recommended if you are storing any kind of binary This is recommended if you are storing any kind of binary
files in a git repository. files in a git repository.
### How to do it ## How to do it
You need git-annex 6.20170228. Upgrade if you don't have it. You need git-annex 6.20170228. Upgrade if you don't have it.
@ -28,7 +28,7 @@ Use `git log --show-signature` to check the signatures of commits.
If the signature is valid, it guarantees that all annexed files If the signature is valid, it guarantees that all annexed files
have the same content that was orignally committed. have the same content that was orignally committed.
### Why is this more secure than git alone? ## Why is this more secure than git alone?
SHA1 collisions exist now, and can be produced using a common-prefix SHA1 collisions exist now, and can be produced using a common-prefix
attack. See <https://shattered.io/>. Let's assume that a chosen-prefix attack. See <https://shattered.io/>. Let's assume that a chosen-prefix