Attack on git signature verification via crafting multiple signatures

This article shortly explains the historical git weakness regarding handling commits with multiple OpenPGP signatures in git older than v2.20. The method of creating such commits is presented, and the results of using them are described and analyzed.

Continue reading

Leave a Reply

Your email address will not be published.