graywolf on Nostr: npub19amud…hqjn6 So I admit I had to try it, but it seems to fetch from software ...
npub19amud7rggjx0u77wqqa84x537x7g5nws9pqdgu5qadgypfreyv2s5hqjn6 (npub19am…qjn6) So I admit I had to try it, but it seems to fetch from software heritage by the commit hash, so the url can be literally anything (I tried with `http://a';).
That seems somewhat cool.
However the behavior seems bit.. confusing. Iff the url is not a git repository, it fallback to SWH. Otherwise it just tries to get the commit from the repository, but no fallback is done. That part seems weird.
I have no idea how resistant is git to hash collisions (if someone controls both repositories), so I am curious whether there is a possible attack vector.
That seems somewhat cool.
However the behavior seems bit.. confusing. Iff the url is not a git repository, it fallback to SWH. Otherwise it just tries to get the commit from the repository, but no fallback is done. That part seems weird.
I have no idea how resistant is git to hash collisions (if someone controls both repositories), so I am curious whether there is a possible attack vector.