Git is insecure by default

Git is insecure by default(groups.google.com)

11 points by doki_pen 10 years ago | 2 comments

doki_pen 10 years ago |

What this means is git doesn't make sure that blobs match shas on fetch. Malicious control of source or network can insert nasty things and git won't notice. Solution is setting transfer.fsckobjects = true.

noselasd 10 years ago | |

Any good reason this isn't the default ?

doki_pen 10 years ago |

What this means is git doesn't make sure that blobs match shas on fetch. Malicious control of source or network can insert nasty things and git won't notice. Solution is setting transfer.fsckobjects = true.

noselasd 10 years ago | |

Any good reason this isn't the default ?