Any attacker who managed to make an evil commit that changed something in the contrib/verify-commits/ directory could just as easily remove the warning and/or modify it to not display the evil commits; telling the user to check those commits specifically misleads them into checking just those commits rather than the script itself.

| Name |
|---|
| allow-revsig-commits |
| gpg.sh |
| pre-push-hook.sh |
| trusted-git-root |
| trusted-keys |
| verify-commits.sh |