Hacker News
by ReligiousFlames 3333 days ago
On git moving away from SHA1: it's about time.

- There shouldn't be too many nor too few hash algos. Too many: paradox of choice, user confusion and interop overhead. Too few: security monoculture risks being broken by well-funded state actors.

- Sane, future-ready default: SHA3-512

Also, git GPG signing should change to signing content, in addition to or instead of hashes.

2 comments

Isn't signing a hash the standard procedure for signatures?
The thing is, you are signing a hash of a hash of the data instead of simply a hash of the data.
What would be the benefit of signing content instead of hashes?
The benefit would be to trust the content, and not the hash of the content. Especially with SHA1 being the only hash so far.
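
The "hash of a hash" point raised in the replies above, as an added example that is not part of the thread: it rebuilds git's blob, tree and commit object ids and returns the commit text, which is the byte string a commit signature is computed over. Assumptions: a flat tree of regular files, a constructed author identity, and an `algo` parameter that is only there to show the same layout under another hash.

```python
import hashlib

def object_id(kind, body, algo="sha1"):
    """Git object id: hash of '<kind> <size>' + NUL, followed by the body."""
    header = f"{kind} {len(body)}".encode() + b"\x00"
    return hashlib.new(algo, header + body).hexdigest()

def tree_body(files, algo="sha1"):
    """Flat tree of regular files: '100644 <name>' + NUL + raw blob id, by name."""
    out = b""
    for name in sorted(files):  # byte order equals str order for ASCII names
        blob_id = bytes.fromhex(object_id("blob", files[name], algo))
        out += b"100644 " + name.encode() + b"\x00" + blob_id
    return out

def signed_payload(files, message, algo="sha1"):
    """Commit object text: what the signature covers (before gpgsig is added)."""
    tree_id = object_id("tree", tree_body(files, algo), algo)
    ident = "A U Thor <author@example.com> 1500000000 +0000"  # constructed
    text = f"tree {tree_id}\nauthor {ident}\ncommitter {ident}\n\n{message}\n"
    return text.encode()

def demo():
    """Return the signed bytes for a file and for a one-byte variation of it."""
    original = signed_payload({"hello.txt": b"hello world\n"}, "initial commit")
    changed = signed_payload({"hello.txt": b"hello w0rld\n"}, "initial commit")
    return original, changed

if __name__ == "__main__":
    original, changed = demo()
    # The file bytes never appear in what is signed; only the tree id does,
    # and the tree id in turn covers only the blob id, not the file itself.
    print(original.decode())
    print("file content inside signed bytes:", b"hello world" in original)
    print("signed bytes differ after edit:  ", original != changed)
```

The signature therefore binds the file content only as strongly as the hash linking blob to tree to commit, so two contents with the same blob id would produce identical signed bytes.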