
On 02/02/16 18:56, Peter Palfrader wrote:
On Tue, 02 Feb 2016, Nick Mathewson wrote:
The tl;dr here is: * By default Git doesn't verify the sha1 checksums it receives by default. * It doesn't look like we've got any inconsistencies in our repositories I use, though. That's good! * To turn on verification, I think you run:
git config --add transfer.fsckobjects true git config --add fetch.fsckobjects true git config --add receive.fsckobjects true
I suspect that setting things globally (in your ~/.gitconfig) git config --global --add transfer.fsckobjects true git config --global --add fetch.fsckobjects true git config --global --add receive.fsckobjects true might also work. (However, I haven't verified it.)
Tested with $ for i in transfer fetch receive; do git config --global --replace-all "$i.fsckObjects" true; done (--replace-all makes it idempotent). I wrote "fsckObjects" because it's quicker to verify - the man page for git-config says fsckObjects rather than fsckobjects and then you need to do some extra digging to assure yourself it's case-insensitive. X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git