See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813157 for more information why.
The tl;dr here is: * By default Git doesn't verify the sha1 checksums it receives by default. * It doesn't look like we've got any inconsistencies in our repositories I use, though. That's good! * To turn on verification, I think you run:
git config --add transfer.fsckobjects true git config --add fetch.fsckobjects true git config --add receive.fsckobjects true
peace,
On Tue, 02 Feb 2016, Nick Mathewson wrote:
The tl;dr here is:
- By default Git doesn't verify the sha1 checksums it receives by default.
- It doesn't look like we've got any inconsistencies in our
repositories I use, though. That's good!
- To turn on verification, I think you run:
git config --add transfer.fsckobjects true git config --add fetch.fsckobjects true git config --add receive.fsckobjects true
I suspect that setting things globally (in your ~/.gitconfig) git config --global --add transfer.fsckobjects true git config --global --add fetch.fsckobjects true git config --global --add receive.fsckobjects true might also work. (However, I haven't verified it.)
Cheers,
On 02/02/16 18:56, Peter Palfrader wrote:
On Tue, 02 Feb 2016, Nick Mathewson wrote:
The tl;dr here is:
- By default Git doesn't verify the sha1 checksums it receives by default.
- It doesn't look like we've got any inconsistencies in our
repositories I use, though. That's good!
- To turn on verification, I think you run:
git config --add transfer.fsckobjects true git config --add fetch.fsckobjects true git config --add receive.fsckobjects trueI suspect that setting things globally (in your ~/.gitconfig) git config --global --add transfer.fsckobjects true git config --global --add fetch.fsckobjects true git config --global --add receive.fsckobjects true might also work. (However, I haven't verified it.)
Tested with
$ for i in transfer fetch receive; do git config --global --replace-all "$i.fsckObjects" true; done
(--replace-all makes it idempotent).
I wrote "fsckObjects" because it's quicker to verify - the man page for git-config says fsckObjects rather than fsckobjects and then you need to do some extra digging to assure yourself it's case-insensitive.
X
I suspect that setting things globally (in your ~/.gitconfig) git config --global --add transfer.fsckobjects true git config --global --add fetch.fsckobjects true git config --global --add receive.fsckobjects true might also work. (However, I haven't verified it.)
You only need the first (transfer.fsckobjects). According to both the thread and git's man page the other two adopt its value ("If not set, the value of transfer.fsckObjects is used instead.").
-
Damian Johnson -
Nick Mathewson -
Peter Palfrader -
Ximin Luo