On 02/02/16 18:56, Peter Palfrader wrote:
On Tue, 02 Feb 2016, Nick Mathewson wrote:
The tl;dr here is:
- By default Git doesn't verify the sha1 checksums it receives by default.
- It doesn't look like we've got any inconsistencies in our
repositories I use, though. That's good!
- To turn on verification, I think you run:
git config --add transfer.fsckobjects true git config --add fetch.fsckobjects true git config --add receive.fsckobjects trueI suspect that setting things globally (in your ~/.gitconfig) git config --global --add transfer.fsckobjects true git config --global --add fetch.fsckobjects true git config --global --add receive.fsckobjects true might also work. (However, I haven't verified it.)
Tested with
$ for i in transfer fetch receive; do git config --global --replace-all "$i.fsckObjects" true; done
(--replace-all makes it idempotent).
I wrote "fsckObjects" because it's quicker to verify - the man page for git-config says fsckObjects rather than fsckobjects and then you need to do some extra digging to assure yourself it's case-insensitive.
X