Comment by londons_explore
2 years ago
In which case, yeah, thats a vulnerability. They shouldn't allow a short hash to match up against anything but public data.
2 years ago
In which case, yeah, thats a vulnerability. They shouldn't allow a short hash to match up against anything but public data.
It's common to use short hash in pull request, and then modify or rebase the commits.
The solutions are:
* Force people to use the full hash.
* Get use to a lot of dead links.
* Claim that it's a feature, not a bug.
* Force people to use the full hash for commits pushed now on?
* Check visibility at the time of posting.