mirror of
https://github.com/git-for-windows/git.git
synced 2026-05-01 21:59:56 -05:00
268d5bc2b2
The "git push --signed" protocol extension did not limit what the "nonce" that is a server-chosen string can contain or how long it can be, which was unnecessarily lax. Limit both the length and the alphabet to a reasonably small space that can still have enough entropy. * jc/push-cert: push --signed: tighten what the receiving end can ask to sign
13 KiB
13 KiB