Key.hs · 6b52fcbb7ec66640936928a048fcaa33ba017867 · mirrors / git-annex

GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption, please take a look at our documentation.

Blame History

SHA1 collisions in key names was more exploitable than I thought · 6b52fcbb

Joey Hess authored Feb 24, 2017

Yesterday's SHA1 collision attack could be used to generate eg:

SHA256-sfoo--whatever.good
SHA256-sfoo--whatever.bad

Such that they collide. A repository with the good one could have the
bad one swapped in and signed commits would still verify.

I've already mitigated this.

6b52fcbb

Admin message