Nice write-up. Thanks for sharing.<p>Some may not remember BitKeeper being used to maintain the Linux kernel source code and how a discrepancy was found (22 years ago) between that repo and the CVS repo. This kind of led to git and signed commits that we have today, etc.<p>Here's a short write up: <a href="https://blog.citp.princeton.edu/2013/10/09/the-linux-backdoor-attempt-of-2003/" rel="nofollow">https://blog.citp.princeton.edu/2013/10/09/the-linux-backdoo...</a>
Seems this is related to SHA1 being used on gnupg. Will be interesting on how this plays out when SHA1 in gpg is obsoleted. I am not looking forward to that.<p>Then there is the added complexity of git using SHA1, I do not know if that has been changed yet.<p>Fun times ahead.<p>FWIW, I changed my git commit signing to ssh-ed25519 from gnupg about a month ago.
> since more than 20 years.<p>a bit sad that "since for time_points, for for time_duration" grammar rule isn't as well known as it should