Tag
A research paper reveals that Git commit hashes can be malleated to produce a second valid commit with a different hash but identical content and valid signature, undermining trust in commit hash integrity and supply-chain security.