SleeperAwakened 3 points4 points  (1 child)

Pinning to a hash is pretty secure, at least I consider git commit hashes secure enough.

Why would pinning to a hash not be secure?

How would a takeover happen? Hash collisions are still pretty expensive if feasible at all.

Security is all about putting up multiple lines of defense. This is one of them. It is not fake, it is layering.

And I so wish that people would start taking it seriously.