by nebulous1 3401 days ago
He doesn't mean manually recognising the fingerprint
2 comments

Correct. He's talking about the automated method used on shattered.io to detect files which use the attack. See: https://github.com/cr-marcstevens/sha1collisiondetection

They're basically building that into git so that if this specific collision attack is ever used, git will notice and throw a warning/error.

Thanks, I misread that. I meant that he says

"But if you use git for source control like in the kernel, the stuff you really care about is source code, which is very much a transparent medium. If somebody inserts random odd generated crud in the middle of your source code, you will absolutely notice."

, which I think is a very weak argument.