☆ Yσɠƚԋσʂ ☆@lemmy.ml to Security@lemmy.mlEnglish · edit-210 hours agoAny signed GitHub commit can be copied, without the author's secret key, creating a distinct commit with an identical tree, metadata, a valid signature, and a "Verified" badgewww.internationalcyberdigest.comexternal-linkmessage-square5fedilinkarrow-up15arrow-down11file-text
arrow-up14arrow-down1external-linkAny signed GitHub commit can be copied, without the author's secret key, creating a distinct commit with an identical tree, metadata, a valid signature, and a "Verified" badgewww.internationalcyberdigest.com☆ Yσɠƚԋσʂ ☆@lemmy.ml to Security@lemmy.mlEnglish · edit-210 hours agomessage-square5fedilinkfile-text
minus-square☆ Yσɠƚԋσʂ ☆@lemmy.mlOPlinkfedilinkarrow-up3·5 hours agoRight, it’s not a serious exploit which would allow changing code, but it does allow compromising integrity because changing the id mutates history.
Right, it’s not a serious exploit which would allow changing code, but it does allow compromising integrity because changing the id mutates history.