sevo

Reputation: 4609

Validate source code authenticity from git repository

Suppose there is a bug in git causing developers to commit incorrect changes to the repository, so that the sources checked out do not match what they have locally under the same hash. I understand that the hash protects the structure of git objects, not the checked-out sources.

Does git have any safeguard mechanisms that make this less likely than one might think?

Upvotes: 2

Views: 359

Answers (1)

VonC

Reputation: 1324537

That would only happen if there is a SHA1 collision, meaning if the content SHA1 is the same as the one stored in the Git repo.

You can check that by computing the SHA1 of a file you just checked out yourself.
See also "How does git compute file hashes?".

The probability of a collision (two different contents for the same SHA1) is very low: see "Why does Git use a cryptographic hash function?".

Upvotes: 2
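
The check described in the answer above, as an added example that is not part of the original answer: it recomputes Git's blob id (SHA-1 over the header `blob <size>\0` followed by the file bytes) for each checked-out file and compares it with the id listed by `git ls-tree -r <commit>`. The function names, the sample listing and the file contents are constructed for illustration; it assumes a SHA-1 repository with no line-ending conversion or filters applied on checkout.

```python
import hashlib
import os
import tempfile


def git_blob_id(data: bytes) -> str:
    """Id Git gives file content: SHA-1 over b'blob <len>\\0' + content."""
    return hashlib.sha1(b"blob %d\x00" % len(data) + data).hexdigest()


def verify_checkout(root: str, ls_tree_text: str) -> dict:
    """Compare files under root with `git ls-tree -r <commit>` output.

    Each line is '<mode> <type> <id>\\t<path>'. Returns {path: status}.
    Assumes a SHA-1 repository and no autocrlf/filters rewriting files
    on checkout (those make working-tree bytes differ from the blob).
    """
    report = {}
    for line in ls_tree_text.splitlines():
        meta, path = line.split("\t", 1)
        mode, objtype, expected = meta.split()
        if objtype != "blob" or mode == "120000":  # skip submodules, symlinks
            continue
        full = os.path.join(root, path)
        if not os.path.isfile(full):
            report[path] = "missing"
            continue
        with open(full, "rb") as fh:
            actual = git_blob_id(fh.read())
        report[path] = "ok" if actual == expected else "mismatch"
    return report


def demo() -> dict:
    # Constructed sample listing and working tree (not from a real repository).
    listing = (
        "100644 blob 3b18e512dba79e4c8300dd08aeb37f8e728b8dad\tREADME\n"
        "100644 blob e69de29bb2d1d6434b8b29ae775ad8c2e48c5391\tsrc/empty.txt\n"
        "100644 blob bd9dbf5aae1a3862dd1526723246b20206e5fc37\tsrc/changed.txt\n"
    )
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "src"))
        files = {"README": b"hello world\n", "src/empty.txt": b"",
                 "src/changed.txt": b"what is up, doc!"}  # last one altered
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return verify_checkout(root, listing)
```

In a real clone, `git hash-object <file>` gives the same id as `git_blob_id` for a file's bytes, and a file reported as `mismatch` is one whose working-tree content differs from the committed blob.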
