Fabian Bäumer nem ezt írja... nem csak a szerverről lehet signature-öket "gyűjteni"...
There are instances where this vulnerability can be exploited without the need to compromise a server in advance.
One such case is the use of SSH keys for signing Git commits. A common setup involves using Pageant, the ssh-agent of PuTTY, locally and forwarding the agent to a development host.
Here, you configure Git to use OpenSSH to sign Git commits with the SSH key provided by Pageant. The signature is then generated by Pageant, making it susceptible to private key recovery.
This is particularly concerning as git signatures may be publicly accessible, for example, if the commit is pushed to a public repository on GitHub.