[krallja]

Until a few weeks ago, SHA-1 collisions had never been demonstrated.

[kazinator]

But, in any case, that's in the cryptographic realm.

Git hashes aren't digital signatures for cryptographic authenticity.

[hkdennis2k]

They are.

The git tag and signing verify logic assume the sha-1 hashes for integrity.

[kazinator]

Hashing for integrity and authenticity are different things.

For instance, a mere four byte CRC-32 can reasonably assure integrity in some situations, like when used on sufficiently small payload frames; yet it is not useful as a digest for certifying authenticity.

SHA-1 is suitable for integrity.

[belovedeagle]

That it may be, but in git, SHA-1 is also used for authenticity. "Signing a commit" only authenticates one commit, and is considered to authenticate the state of the repository only insofar as it authenticates the SHA-1 references contained in the topmost commit.