npub19amud7rggjx0u77wqqa84x537x7g5nws9pqdgu5qadgypfreyv2s5hqjn6 (npub19am…qjn6) So I admit I had to try it, but it seems to fetch from software heritage by the commit hash, so the url can be literally anything (I tried with `http://a';).
That seems somewhat cool.
However the behavior seems bit.. confusing. Iff the url is not a git repository, it fallback to SWH. Otherwise it just tries to get the commit from the repository, but no fallback is done. That part seems weird.
I have no idea how resistant is git to hash collisions (if someone controls both repositories), so I am curious whether there is a possible attack vector.
graywolf /
npub1ne…8uq7k
2024-03-10 16:39:38
in reply to nevent1q…q8qd
Author Public Key
npub1nefrrwuefssnkj6mc8gjkqfxp0z2sgutw7eclqw3h5ns6qm7g7js58uq7kPublished at
2024-03-10 16:39:38Event JSON
{
"id": "f5e76ac8c8373075301cf9054f57d93ca34fe485cfa5e438d88eb2b67047c795",
"pubkey": "9e5231bb994c213b4b5bc1d12b01260bc4a8238b77b38f81d1bd270d037e47a5",
"created_at": 1710088778,
"kind": 1,
"tags": [
[
"p",
"2f77c6f868448cfe7bce003a7a9a91f1bc8a4dd02840d47280eb5040a4792315",
"wss://relay.mostr.pub"
],
[
"p",
"a2f3c64c54a02b513cdf0462dbbd46f37b07ab9e2b4c1edf49df645c511e7cdd",
"wss://relay.mostr.pub"
],
[
"e",
"6d1f8488b84d7825f4df068f309ba37a38ce16d007b5bbffa2e832d9c18f859f",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://emacs.ch/users/graywolf/statuses/112072378165587120",
"activitypub"
]
],
"content": "nostr:npub19amud7rggjx0u77wqqa84x537x7g5nws9pqdgu5qadgypfreyv2s5hqjn6 So I admit I had to try it, but it seems to fetch from software heritage by the commit hash, so the url can be literally anything (I tried with `http://a').\n\nThat seems somewhat cool.\n\nHowever the behavior seems bit.. confusing. Iff the url is not a git repository, it fallback to SWH. Otherwise it just tries to get the commit from the repository, but no fallback is done. That part seems weird.\n\nI have no idea how resistant is git to hash collisions (if someone controls both repositories), so I am curious whether there is a possible attack vector.",
"sig": "891f885153db104a4559796dee4b2b33db57b7cbf682252247f4b85ff3096d3a44d4f6497809e4631d4d4076de8bf9e9d4c84ec0b6f4cc8e8a8d1fca7d078a91"
}