История изменений

Нет, он говорит, что:

Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation.

I say «mainly», because yes, in git we also end up using the SHA1 when we use «real» cryptography for signing the resulting trees, so the hash does end up being part of a certain chain of trust. So we do take advantage of some of the actual security features of a good cryptographic hash, and so breaking SHA1 does have real downsides for us.

То есть они дырки-то закрыли.

И вот ещё:

And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories.

Нет, он говорит, что:

Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation.

То есть они дырки-то закрыли.

И вот ещё:

And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories.

Нет, он говорит, что:

Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation.

То есть они дырки-то закрыли.

Нет, он говорит, что:

(2) Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation.

:)