THE article discusses the implications of GitHub's 'verified' commits being potentially rewritten into new hash values without breaking their signatures. This issue raises concerns about the integrity and security of version control in software development. Key points include the impact on trust in the commit verification process and possible exploitation by malicious actors to manipulate commit histories.
GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
CyberSIXT Evidence Panel
Source marked as original reporting
Article by CyberSIXT